[SalesForce] How to use Self-Signed CA for 2-way SSL

I would like to use Self-Signed CA of Salesforce to build a 2-way SSL connection with my Web Server.
The Web Server is built on Apache 2.2 and the 1-way SSl test is fine.
In the 2-way SSL test, the CA-Signed certificate of Salesforce is OK.

When I use Self-Signed CA of Salesforce, it seems the Apache can't verify the client CA from Salesforce.

I use Openssl to verify the client CA, like,

openssl verify -CAfile SFDC.cer  SFDC.cer

and got the following error,

error 20 at 0 depth lookup:unable to get local issuer certificate

I guess there is something wrong with Salesforce's self-signed CA.

Does anyone have the same experience?

Best Answer

This is a known bug of the latest versions of macports' port of openssl 1.0.1 and has nothing to do with Salesforce's self-signed CA.

See this link for reference and a workaround

https://stackoverflow.com/questions/11774961/unable-to-connect-to-test-salesforce-com-with-ssl

I hope this helps.

Best Answer

Related Solutions

[SalesForce] Way to get around SSL certificate errors when calling an external web service

[SalesForce] java.security.cert.CertificateException: No name matching

Related Topic