Salesforce intermediate certificate chain

I’m working on a project that is integrating Salesforce with a 3rd party API. They require us to pass a client certificate. Our admin created a CSR in Salesforce and got it signed by DigiCert. However, we are having a problem getting the 3rd party server to trust our certificate. I think it may have something to do with the chain of trust:

DigiCert -> DigiCert SHA2 Secure Server CA -> OurCertificate

According to this Link, DigiCert (DigiCert Global Root CA) is trusted by Salesforce, but the intermediate (DigiCert SHA2 Secure Server CA) is not.

Would this have an impact on our ability to use the Client Certificate? And is there anything that can be done to make it work?

Answer

You need to concatenate two certificates – your signed one and the intermediate one. This literally means opening Notepad and copying and pasting one cert after another, so you end up with this:

-----BEGIN CERTIFICATE-----
BASE64DATABASE64DATA
BASE64DATABASE64DATA
BASE64DATABASE64DATA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BASE64DATABASE64DATA
BASE64DATABASE64DATA
BASE64DATABASE64DATA
-----END CERTIFICATE-----

Attribution
Source : Link , Question Author : NSjonas , Answer Author : dzh
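A way to build the concatenated file from the answer above and catch a mismatched or reversed pair before uploading it. This is an added example, not code from the original post; `build_chain`, `issuer_and_subject` and `fake_cert` are hypothetical names, and the sample certificates are constructed stand-ins rather than real DigiCert data.

```python
import base64, re, textwrap
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER of the issuer and subject Names in a certificate."""
    pos = read_tlv(der, read_tlv(der, 0)[1])[1]  # enter Certificate, then tbsCertificate
    fields = []  # serialNumber, signature, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:  # skip the optional [0] version wrapper
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def to_pem(der):
    body = textwrap.fill(base64.b64encode(der).decode(), 64)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def build_chain(leaf_pem, intermediate_pem):
    """Leaf first, then intermediate. Checks byte-equal Names only, not signatures."""
    ders = []
    for pem in (leaf_pem, intermediate_pem):
        blocks = PEM_RE.findall(pem)  # ignores a BOM or stray text around the block
        if len(blocks) != 1:
            raise ValueError("each input must hold exactly one certificate")
        ders.append(base64.b64decode("".join(blocks[0].split())))  # drops CR/LF
    if issuer_and_subject(ders[0])[0] != issuer_and_subject(ders[1])[1]:
        raise ValueError("leaf issuer does not match intermediate subject")
    return to_pem(ders[0]) + to_pem(ders[1])  # a newline always separates END/BEGIN

def fake_cert(issuer, subject):
    """CONSTRUCTED stand-in with the certificate field layout only; not a real cert."""
    enc = lambda tag, val: bytes([tag, len(val)]) + val  # short-form lengths only
    name = lambda cn: enc(0x30, enc(0x0C, cn.encode()))
    tbs = (enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
           + name(issuer) + enc(0x30, b"") + name(subject))
    return to_pem(enc(0x30, enc(0x30, tbs)))

if __name__ == "__main__":
    inter = fake_cert("Constructed Root CA", "Constructed Intermediate CA")
    leaf = fake_cert("Constructed Intermediate CA", "client.example.test")
    print(build_chain(leaf, inter))
```

The output is normalized to LF line endings with 64-character base64 lines, which avoids the run-together `END`/`BEGIN` markers that hand pasting can produce.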
