[SalesForce] Salesforce intermediate certificate chain

First thing is match exact certificate name string from Salesforce supported certificates. Include all immediate certificate to root certificate in chain.

Suppose my certificate chain is:

Equifax Secure CA --> GeoTrust Global CA --> RapidSSL CA ( This we bought)

So all of these three certificates must be in SFDC accepted certificate list to make 100% surety.

It's possible using the Mutual authentication feature which allows you to setup certificates for users so they are authenticated via a certificate instead of a username/password. Please note that this is not enabled by default in your org and you need to raise a case to get it.

The steps involved are

Contact salesforce.com to have mutual authentication turned on for your organization.

Generate the Certificate Signing Request (CSR) for the client certificate the API client will present when attempting to establish the mutually authenticated TLS connection to Salesforce. It’s important that the client certificate be signed by one of the salesforce.com trusted root certificate authorities. The list is maintained here: Outbound Messaging SSL CA Certificates.

Once the certificate is signed, upload the certificate to the organization at Security Controls | Certificate and Key Management. Upload the signed client certificate to the Mutual Authentication Certificates table in order for Salesforce to properly validate the client certificates presented by the client when initiating an inbound mutually authenticated TLS connection.

Enable the Enforce SSL/TLS Mutual Authentication user permission for the API client user. This permission forces the use of port 8443 for secure connections.

This permission can be added to a profile or assigned to an individual user with a permission set.

You may also want to look at this thread which has a similar context.