Newer Version Available

This content describes an older version of this product. View Latest

Downloading the Salesforce Client Certificate

When using AJAX proxy, you might need to validate Salesforce using client certificates.

Your application (endpoint) server's SSL/TLS may be configured to require client certificates (two-way SSL/TLS), in order to validate the identity of the Salesforce server when it takes the role of client to your server. If this is the case, you can download the Salesforce client certificate from the Salesforce API page.

To download the certificate, use this procedure:
  • From Setup, click Develop | API to display the WSDL download page.
  • In the WSDL download page, right-click Generate Client Certificate and save it to an appropriate location on your local drive.
  • Import the downloaded certificate into your application server, and configure your application server to request the client certificate. The application server then checks that the certificate used in the SSL/TLS handshake matches the one you downloaded.

Your application (endpoint) server must send any intermediate certificates in the certificate chain, and the certificate chain must be in the correct order. The correct order is:

  1. Server certificate.
  2. Intermediate certificate that signed the server certificate if the server certificate was not signed directly by a root certificate.
  3. Intermediate certificate that signed the certificate in step 2.
  4. Any remaining intermediate certificates. Do not include the root certificate authority certificate. The root certificate is not sent by your server. Salesforce already has its own list of trusted certificates on file, and a certificate in the chain must be signed by one of those root certificate authority certificates.

Note