Using Certificates

You can use two-way SSL authentication by sending a certificate generated in Salesforce or signed by a certificate authority (CA) with your callout. This enhances security as the target of the callout receives the certificate and can use it to authenticate the request against its keystore.

To enable two-way SSL authentication for a callout:

  1. Generate a certificate.
  2. Integrate the certificate with your code. See Using Certificates with SOAP Services and Using Certificates with HTTP Requests.
  3. If you are connecting to a third party and you are using a self-signed certificate, share the Salesforce certificate with them so that they can add the certificate to their keystore. If you are connecting to another application used within your organization, configure your Web or application server to request a client certificate. This process depends on the type of Web or application server you use. For an example of how to set up two-way SSL with Apache Tomcat, see developer.salesforce.com/page/Making_Authenticated_Web_Service_Callouts_Using_Two-Way_SSL.
  4. Configure the remote site settings for the callout. Before any Apex callout can call an external site, that site must be registered in the Remote Site Settings page, or the callout fails.

    If you use setEndpoint(endpoint) to specify a named credential as the endpoint, you don’t need to configure remote site settings. To set up named credentials, see “Define a Named Credential” in the Salesforce Help.
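
The following Apex class is an added example, not code from the original page, showing how the steps above fit together for an HTTP callout. The certificate unique name Example_Client_Cert, the endpoint https://mtls.example.com/api/status, and the class and exception names are assumptions made for illustration.

```apex
// Added example: HTTP callout that presents a client certificate (two-way SSL).
public with sharing class MutualTlsCalloutExample {
    // Assumption: unique name of the certificate generated in step 1.
    private static final String CLIENT_CERT_NAME = 'Example_Client_Cert';

    // Assumption: placeholder endpoint. It must be registered in
    // Remote Site Settings (step 4) or the callout fails.
    // With a named credential, the endpoint would instead be given as
    // 'callout:<named credential name>/<path>' and no remote site entry is needed.
    private static final String ENDPOINT = 'https://mtls.example.com/api/status';

    // Hypothetical exception type so callers can handle callout failures explicitly.
    public class MutualTlsCalloutException extends Exception {}

    public static String fetchStatus() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(ENDPOINT);
        req.setMethod('GET');
        req.setTimeout(10000); // milliseconds

        // Step 2: attach the certificate so it is sent with the callout.
        // The remote server authenticates the request against its keystore (step 3).
        req.setClientCertificateName(CLIENT_CERT_NAME);

        HttpResponse res;
        try {
            res = new Http().send(req);
        } catch (System.CalloutException e) {
            // Covers an unregistered endpoint as well as connection-level failures.
            throw new MutualTlsCalloutException('Callout failed: ' + e.getMessage(), e);
        }

        // Treat anything other than 200 as a failure instead of returning
        // an error page to the caller as if it were valid data.
        if (res.getStatusCode() != 200) {
            throw new MutualTlsCalloutException(
                'Unexpected response: ' + res.getStatusCode() + ' ' + res.getStatus());
        }
        return res.getBody();
    }
}
```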
