Hello all,

I'm currently working on data integration for one of our customers. They are using Maconomy database system and they have set up some kind of web service through which we can access data and transfer it between Salesforce and Maconomy. At first we tried to use normal HTTP connection, but they couldn't change to port 80 as they had other services connected on that web service as well. So we decided to move to secure connection later to match Salesforce port range. 

First we have tried with two-way SSL connection but we had a lot of problems. First I'm constantly getting an error message:

System.CalloutException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

First we thought it was certificate problem. We created CA signed request inside Salesforce and sent it to our partner to sign it and they have returned signed certificate which we imported into Salesforce. Problem was that thing didn't worked (error above). Then I deleted certificate from org and requested a JKS certificate from them to import into Salesforce. Import was unsuccessful as nothing happened when I clicked import, no certificate has shown in org, nothing. 

Then we decided to just one one-way SSL secured conenction until we get data integration done, but we still have problems with error above. I have already spent a lot of day trying different things but nothing seems to work. I have also tried to connect directly to their web service through rest client extension for chrome with success so one way SSL connection seems to work, but not in Salesforce. The connection uses 10443 port. 

Now I would like to know what might be wrong here, their certificate is Signed with GeoTrust Global CA as is shown on this picture (the deleted part is the actual name of their company, I deleted it for security reasons): 


Here is some code snippet from my testing web service (code is not final as I'm only trying to get thigns work first):

Http h = new Http();
HttpRequest req = new HttpRequest();
req.setEndpoint('https:/link-address:10443/some-things-after');
req.setHeader('Accept-Encoding', 'gzip,deflate');
req.setHeader('Content-Type', 'text/xml;charset=UTF-8'); 
req.setHeader('SOAPAction', 'https:/link-address:10443/some-things-after');
req.setHeader('Host', 'https://link-address:10443');
req.setHeader('Connection', 'Keep-Alive');
req.setMethod('POST');
req.setTimeout(120000);
req.setBody('format=JSON&type=TYPE_MQLQuery&user=******&pass=*******&mqlquery=mselect+Name1+from+OrderHeader+where+OrderNumber+%3D+100&mqlparams=%7B%7D&SimulationOnly=1');
		
HttpResponse res = new HttpResponse();
res = h.send(req);

Code always fails at last line when I send request. 

Now my question is, what can be done about that error? Is there something wrong with their certificate, server settings or Salesforce? I would really like to get this thing going ASAP as we are already 2 weeks behind schedule because of this connectivity issue. :( 

Best regards.

Hello all,

I'm currently working on data integration for one of our customers. They are using Maconomy database system and they have set up some kind of web service through which we can access data and transfer it between Salesforce and Maconomy. At first we tried to use normal HTTP connection, but they couldn't change to port 80 as they had other services connected on that web service as well. So we decided to move to secure connection later to match Salesforce port range. 

First we have tried with two-way SSL connection but we had a lot of problems. First I'm constantly getting an error message:

System.CalloutException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

First we thought it was certificate problem. We created CA signed request inside Salesforce and sent it to our partner to sign it and they have returned signed certificate which we imported into Salesforce. Problem was that thing didn't worked (error above). Then I deleted certificate from org and requested a JKS certificate from them to import into Salesforce. Import was unsuccessful as nothing happened when I clicked import, no certificate has shown in org, nothing. 

Then we decided to just one one-way SSL secured conenction until we get data integration done, but we still have problems with error above. I have already spent a lot of day trying different things but nothing seems to work. I have also tried to connect directly to their web service through rest client extension for chrome with success so one way SSL connection seems to work, but not in Salesforce. The connection uses 10443 port. 

Now I would like to know what might be wrong here, their certificate is Signed with GeoTrust Global CA as is shown on this picture (the deleted part is the actual name of their company, I deleted it for security reasons): 


Here is some code snippet from my testing web service (code is not final as I'm only trying to get thigns work first):

Http h = new Http();
HttpRequest req = new HttpRequest();
req.setEndpoint('https:/link-address:10443/some-things-after');
req.setHeader('Accept-Encoding', 'gzip,deflate');
req.setHeader('Content-Type', 'text/xml;charset=UTF-8'); 
req.setHeader('SOAPAction', 'https:/link-address:10443/some-things-after');
req.setHeader('Host', 'https://link-address:10443');
req.setHeader('Connection', 'Keep-Alive');
req.setMethod('POST');
req.setTimeout(120000);
req.setBody('format=JSON&type=TYPE_MQLQuery&user=******&pass=*******&mqlquery=mselect+Name1+from+OrderHeader+where+OrderNumber+%3D+100&mqlparams=%7B%7D&SimulationOnly=1');
		
HttpResponse res = new HttpResponse();
res = h.send(req);

Code always fails at last line when I send request. 

Now my question is, what can be done about that error? Is there something wrong with their certificate, server settings or Salesforce? I would really like to get this thing going ASAP as we are already 2 weeks behind schedule because of this connectivity issue. :( 

Best regards.