0

I am trying to do the following:

From salesforce.com I call HTTP GET or POST and post a JSON object using the HttpRequest system class, but I am getting the following exception (it is HTTPS):

java.security.cert.CertificateException: No name matching issue mywebsite.com found

I have configured this website in the remote host already. Does anyone have some idea what could be wrong here?

AlG
Rahul

2 Answers

1

Are you missing a call to req.setClientCertificateName?

I have APEX code where Salesforce calls out to a web service on my site. I protected it with client-side SSL. My website, the host, authorizes the client cert from Salesforce.com (vs traditional web SSL where the browser client authorizes the server cert). You can create a self-signed certificate in Salesforce Admin under Certificate and Key Management and then reference it with a call to req.setClientCertificateName. Here is some code from my production org:

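// Constructed sample payload; the original snippet assumed `body` was already defined
String body = 'example payload';

HttpRequest req = new HttpRequest();
req.setMethod('POST');
req.setHeader('Host', 'www.mywebsite.com');
req.setEndpoint('https://www.mywebsite.com/post.asp');
try {
    // Name of the certificate created under Certificate and Key Management
    req.setClientCertificateName('Cert_For_MyWebSite');
} catch (System.CalloutException e) {
    // The cert doesn't make it to the sandbox
}
req.setHeader('Connection', 'keep-alive');
req.setHeader('content-type', 'text/plain');
// String.valueOf avoids the locale grouping separators that Integer.format() can add
req.setHeader('Content-Length', String.valueOf(body.length()));
req.setBody(body);
Http http = new Http();

// Send the callout and log the response status
HttpResponse res = http.send(req);
System.debug(res.toString());
System.debug('STATUS:' + res.getStatus());
System.debug('STATUS_CODE:' + res.getStatusCode());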

On the server (IIS 7.5) I enabled the self-signed cert with this web.config:

<configuration>
    <system.webServer>
        <security>
            <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
            <authentication>
                <iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true">
                    <oneToOneMappings>
                        <!-- production salesforce -->
                        <add enabled="true"
                             userName="salesforce"
                             password="[enc:AesProvider:aaa...aaa:enc]"
                             certificate="MIIEaaa...aaa=" />
                    </oneToOneMappings>
                </iisClientCertificateMappingAuthentication>
            </authentication>
        </security>
    </system.webServer>
</configuration>
twamley
0

In my other answer I was thinking about the Salesforce client cert because I remember having headaches sorting it out originally, but maybe the error is with your web server's cert. This might be a simple name matching issue. For example, the cert your server presented to Salesforce was issued to a.company.com but you're trying to use it at b.company.com. That produces a very similar Java error message, as talked about here and here. Does your browser give any errors when you try your service over SSL?

If you think Salesforce isn't verifying your web server's cert you can try some of the tricks suggested over here for a similar javax.net.ssl.SSLPeerUnverifiedException error. They even point to a list of CAs that are trusted by Salesforce.

Community
twamley
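The name check described in the second answer, as an added example that is not part of the original question or answers: a Python implementation of the usual hostname-matching rules (SAN entries take precedence over the subject CN, and a wildcard covers exactly one left-most label). The function names and the certificate data are constructed for illustration, and the rules are the common RFC 6125-style ones, not Salesforce's exact implementation.

```python
# Added example: constructed certificate data, not taken from the thread.

def presented_names(cert):
    """DNS names a client checks: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SANs exist, the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def label_match(pattern, hostname):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label
    if p[0] == "*":
        # reject overly broad patterns such as '*.com'
        return len(p) > 2 and p[1:] == h[1:] and h[0] != ""
    return p == h


def check_hostname(cert, hostname):
    """Return (ok, names) so a mismatch can be reported with what the cert offers."""
    names = presented_names(cert)
    return any(label_match(n, hostname) for n in names), names


# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert()
CERT = {
    "subject": ((("commonName", "a.company.com"),),),
    "subjectAltName": (("DNS", "a.company.com"), ("DNS", "*.api.company.com")),
}

if __name__ == "__main__":
    for host in ("a.company.com", "b.company.com", "v1.api.company.com"):
        ok, names = check_hostname(CERT, host)
        print(f"{host}: {'match' if ok else 'NO MATCH'} (cert names: {names})")
```

Feeding it the dict from `getpeercert()` on a live connection to the endpoint shows which names the server certificate actually carries, which is what the callout's hostname has to match.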