We recently had a certificate signed by DigiCert to used in a 2-way SSL integration with a partner. While it's root certificate is trusted by SF, the intermediate is not (see previous post)
Despite what the SF support agent says, as far as we can tell, SF does not seem to correctly send the certificate in requests. It appears others have had this issue as well.
We have decided to go ahead and resign the certificate with another CA.
How can we ensure that we don't run into this issue again (that the entire certificate chain will be trusted by SF)?
Best Answer
First thing is match exact certificate name string from Salesforce supported certificates. Include all immediate certificate to root certificate in chain.
Suppose my certificate chain is:
So all of these three certificates must be in SFDC accepted certificate list to make 100% surety.