Using Certificates with SOAP Services

After you have generated a certificate in Salesforce, you can use it to support two-way authentication for a callout to a SOAP Web service.

To integrate the certificate with your Apex:

  1. Receive the WSDL for the Web service from the third party or generate it from the application you want to connect to.
  2. Generate Apex classes from the WSDL for the Web service. See SOAP Services: Defining a Class from a WSDL Document.
  3. The generated Apex classes include a stub for calling the third-party Web service represented by the WSDL document. Edit the Apex classes, and assign a value to a clientCertName_x variable on an instance of the stub class. The value must match the Unique Name of the certificate that you generated on the Certificate and Key Management page.

The following example illustrates the last step of the previous procedure and works with the sample WSDL file in Generated WSDL2Apex Code. This example assumes that you previously generated a certificate with a Unique Name of DocSampleCert.

docSample.DocSamplePort stub = new docSample.DocSamplePort();
// Must match the Unique Name of the certificate generated in Salesforce
stub.clientCertName_x = 'DocSampleCert';
String input = 'This is the input string';
String output = stub.EchoString(input);

There is a legacy process for using a certificate obtained from a third party for your organization. Encode your client certificate key in base64, and assign it to the clientCert_x variable on the stub. This is inherently less secure than using a Salesforce certificate because it does not follow security best practices for protecting private keys. When you use a Salesforce certificate, the private key is not shared outside Salesforce.

Note

Don’t use a client certificate that was generated on the Generate Client Certificate page. Use a certificate that was obtained from a third party for your organization if you use the legacy process.

The following example illustrates the legacy process and works with the sample WSDL file in Generated WSDL2Apex Code.

docSample.DocSamplePort stub = new docSample.DocSamplePort();
// Legacy process: base64-encoded client certificate key from a third party
stub.clientCert_x =
'MIIGlgIBAzCCBlAGCSqGSIb3DQEHAaCCBkEEggY9MIIGOTCCAe4GCSqGSIb3DQEHAaCCAd8EggHb'+
'MIIB1zCCAdMGCyqGSIb3DQEMCgECoIIBgjCCAX4wKAYKKoZIhvcNAQwBAzAaBBSaUMlXnxjzpfdu'+
'6YFwZgJFMklDWFyvCnQeuZpN2E+Rb4rf9MkJ6FsmPDA9MCEwCQYFKw4DAhoFAAQU4ZKBfaXcN45w'+
'9hYm215CcA4n4d0EFJL8jr68wwKwFsVckbjyBz/zYHO6AgIEAA==';

// Password for the keystore
stub.clientCertPasswd_x = 'passwd';

String input = 'This is the input string';
String output = stub.EchoString(input);
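
To keep callouts on the Salesforce-managed certificate and catch a regression to the legacy process, the stub can be configured in one wrapper and checked by a unit test. This is an added example, not part of the original documentation: DocSampleClient, DocSampleClientTest, and CertCheckingMock are hypothetical names, and the response element and field names are assumed from the sample generated docSample class.

```apex
// DocSampleClient.cls (hypothetical wrapper: the one place where the stub is configured)
public with sharing class DocSampleClient {
    // Unique Name from the Certificate and Key Management page (the page's sample value)
    @TestVisible private static final String CERT_NAME = 'DocSampleCert';

    public static String echo(String input) {
        docSample.DocSamplePort stub = new docSample.DocSamplePort();
        stub.clientCertName_x = CERT_NAME; // private key is not shared outside Salesforce
        try {
            return stub.EchoString(input);
        } catch (System.CalloutException e) {
            // Callout failures are raised as System.CalloutException
            throw new ClientException('EchoString callout failed: ' + e.getMessage());
        }
    }

    public class ClientException extends Exception {}
}

// DocSampleClientTest.cls (separate file)
@isTest
private class DocSampleClientTest {
    // The mock receives the configured stub, so it can check how the certificate was supplied.
    private class CertCheckingMock implements WebServiceMock {
        public void doInvoke(Object stub, Object request, Map<String, Object> response,
                String endpoint, String soapAction, String requestName,
                String responseNS, String responseName, String responseType) {
            docSample.DocSamplePort port = (docSample.DocSamplePort) stub;
            System.assertEquals(DocSampleClient.CERT_NAME, port.clientCertName_x,
                'callout must name the Salesforce certificate');
            System.assertEquals(null, port.clientCert_x,
                'legacy base64 certificate key must not be embedded in Apex');
            System.assertEquals(null, port.clientCertPasswd_x,
                'keystore password must not be embedded in Apex');
            // Response element and field names assumed from the sample generated class
            docSample.EchoStringResponse_element resp = new docSample.EchoStringResponse_element();
            resp.EchoStringResult = 'mock reply';
            response.put('response_x', resp);
        }
    }

    @isTest
    static void echoUsesNamedCertificateOnly() {
        Test.setMock(WebServiceMock.class, new CertCheckingMock());
        System.assertEquals('mock reply', DocSampleClient.echo('This is the input string'));
    }
}
```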