[SalesForce] How to make 100% sure your certificate is compatible with Salesforce

We recently had a certificate signed by DigiCert to be used in a 2-way SSL integration with a partner. While its root certificate is trusted by SF, the intermediate is not (see previous post).

Despite what the SF support agent says, as far as we can tell, SF does not seem to correctly send the certificate in requests. It appears others have had this issue as well.

We have decided to go ahead and re-sign the certificate with another CA.

How can we ensure that we don't run into this issue again (that the entire certificate chain will be trusted by SF)?

Best Answer

The first thing is to match the exact certificate name string from the Salesforce supported certificates. Include every certificate in the chain, from the immediate certificate to the root certificate.

Suppose my certificate chain is:

Equifax Secure CA --> GeoTrust Global CA --> RapidSSL CA (this is the one we bought)

So all three of these certificates must be in the SFDC accepted certificate list to be 100% sure.
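The check described in the answer, as an added example that is not part of the original post or Salesforce tooling: it orders a bundle from the purchased certificate up to the root and compares each name against the supported list by exact string, flagging names that differ only in case or spacing. The `SAMPLE` input and the `TRUSTED` list are constructed for illustration; the real names must be copied from the Salesforce supported certificates list.

```python
import re

# Constructed sample: subject/issuer lines in the style printed by
# `openssl x509 -noout -subject -issuer`, one pair per certificate in the
# bundle, in no particular order. Names follow the chain in the answer.
SAMPLE = """\
subject=CN = GeoTrust Global CA
issuer=CN = Equifax Secure CA
subject=CN = RapidSSL CA
issuer=CN = GeoTrust Global CA
subject=CN = Equifax Secure CA
issuer=CN = Equifax Secure CA
"""
# Constructed stand-in for names copied from the Salesforce supported list.
# "Geotrust" differs from the certificate's "GeoTrust" only in letter case.
TRUSTED = ["Equifax Secure CA", "Geotrust Global CA", "RapidSSL CA"]

PAIR = re.compile(
    r"^subject=.*?\bCN\s*=\s*([^,\n]+)\nissuer=.*?\bCN\s*=\s*([^,\n]+)", re.M)

def parse_pairs(text):
    """Map each certificate's subject CN to its issuer CN."""
    return {s.strip(): i.strip() for s, i in PAIR.findall(text)}

def order_chain(issuer_of, start):
    """Walk issuer links from `start` up to the self-signed root."""
    chain, name = [], start
    while name not in chain:
        if name not in issuer_of:
            raise ValueError(f"chain incomplete: no certificate for {name!r}")
        chain.append(name)
        if issuer_of[name] == name:  # self-signed: this is the root
            return chain
        name = issuer_of[name]
    raise ValueError(f"issuer loop at {name!r}")

def check_chain(chain, trusted):
    """Classify each name as an exact match, a near miss, or not listed."""
    norm = lambda s: " ".join(s.split()).casefold()
    loose = {norm(t): t for t in trusted}
    report = {}
    for name in chain:
        if name in trusted:
            report[name] = "exact"
        elif norm(name) in loose:
            report[name] = f"near miss, list has {loose[norm(name)]!r}"
        else:
            report[name] = "not listed"
    return report
```

Calling `check_chain(order_chain(parse_pairs(SAMPLE), "RapidSSL CA"), TRUSTED)` reports every link; anything other than `exact` for any name means the chain does not fully match the list.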
