Https These days I seem to spend more of my time writing Ruby, Java and  Objective-C apps that connect to the Force.com platform. Very often these apps are webapps using remote access providers created on Force.com. One of the requirements of creating a remote access provider is that you need to specify a callback URL for handling the OAuth "dance". This callback URL must use https for obvious reasons.

I recently had an article published on the Heroku Dev Center describing how to use the Force.com Omniauth adapter for handling OAuth from a Rails apps. One of the steps discussed was the need to generate a self-sgined certificate for allowing your local web server to accept https callbacks. As part of that discussion I pointed to some other web resources which stepped you through how to create these certs. Since the publication I have had a number of people contact me for more information on how to create the certificates, and more recently, many people have found their certificates no longer work after upgrading their Ruby environment.

Long story short, more recent versions of Ruby (those greater than 1.8.7) now enforce some stronger security checks, one of which being the correct verification of the common name of your certificate. Whilst I bumped up against this change in Ruby and Rails, I suspect many other languages and web servers will (or do) require valid cnames as part of your certificates. So, here is a brief list of commands you need to create valid certs for local development. Note: I am using openssl on a Mac, but I suspect the Java keytool works very similar.

1. Generate you server key

You will be prompted for a password for your key. Enter, confirm and continue.

 

2. Generate your Certificate Signing Request (CSR)

You will be prompted again for your key password. Enter the one you created from step 1 above. You can then accept the defaults for all of the prompts you are presented with except the Common Name. This is key, and what makes the enhanced certificate validation happy. Since we are doing local development your common name will be "localhost". 

 

3. Generate your Certificate

Lastly we need to create our certificate. Again, use your key password and you will be all set.

 

That's it. Simply follow the instructions for setting up your web server to support https and you can use the Force.com remote access providers to handle OAuth callbacks.

 

Get the latest Salesforce Developer blog posts and podcast episodes via Slack or RSS.

Add to Slack Subscribe to RSS