Using Certificates
To use two-way SSL authentication, send a certificate with your callout that was either generated in Salesforce or signed by a certificate authority (CA). Sending a certificate enhances security because the target of the callout receives the certificate and can use it to authenticate the request against its keystore.
To enable two-way SSL authentication for a callout:
- Generate a certificate.
- Integrate the certificate with your code. See Using Certificates with SOAP Services and Using Certificates with HTTP Requests.
- If you’re connecting to a third party and using a self-signed certificate, share the Salesforce certificate with them so that they can add the certificate to their keystore. If you’re connecting to another application, generate and integrate the certificate with your code, and then ensure that the Web or application server is configured to accept the certificate. This process depends on the type of Web or application server you use.
- Configure the remote site settings for the callout. Before any Apex callout can call an external site, that site must be registered in the Remote Site Settings page, or the callout fails.
If the callout specifies a named credential as the endpoint, you don’t need to configure remote site settings. To set up named credentials, see Named Credentials and External Credentials in Salesforce Help.
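The steps above, from the Apex side, as an added example that is not taken from the Salesforce documentation. The certificate unique name `Partner_MTLS_Cert`, the endpoint URL, and the class and method names are hypothetical; the example assumes the certificate already exists in the org and the endpoint is registered in Remote Site Settings.

```apex
public with sharing class PartnerMtlsCallout {
    // Hypothetical values: use the Unique Name of your own certificate
    // and an endpoint that is registered in Remote Site Settings.
    private static final String CERT_UNIQUE_NAME = 'Partner_MTLS_Cert';
    private static final String ENDPOINT = 'https://api.partner.example/v1/status';

    // Small result holder so callers can tell a transport failure
    // from an HTTP-level rejection by the remote server.
    public class CalloutResult {
        public Boolean success;
        public Integer statusCode;
        public String detail;
    }

    public static CalloutResult getStatus() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(ENDPOINT);
        req.setMethod('GET');
        req.setTimeout(10000); // milliseconds

        // Presents the named certificate as the client certificate
        // during the TLS handshake (two-way SSL).
        req.setClientCertificateName(CERT_UNIQUE_NAME);

        CalloutResult result = new CalloutResult();
        try {
            HttpResponse res = new Http().send(req);
            result.statusCode = res.getStatusCode();
            result.success = result.statusCode >= 200 && result.statusCode < 300;
            // A non-2xx status here can mean the server completed the
            // handshake but did not accept the certificate; this depends
            // on how the remote server is configured.
            result.detail = res.getStatus();
        } catch (System.CalloutException e) {
            // Raised when the callout cannot complete, for example when
            // the endpoint is not registered in Remote Site Settings or
            // the TLS handshake fails.
            result.success = false;
            result.detail = e.getMessage();
        }
        return result;
    }
}
```

Keeping the certificate name in one constant makes rotation a single-line change when the certificate is replaced.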