Skip to main content

Handling PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException exception in SFDC Callout

Recently i encountered an exception during making a Callout to the external service .Being an apex developer and unfamiliar with SSL concept much with no luck after googling i tried posting the question in stackexchange Stackexchange link.I am thankful to the Martin Peters for helping me on this .

Through this blog post i would like to document few points i learned on cause of this exception and also i will indicate the solution and resources we have that can help us to get rid of this exception

1)First way to identify this exception is if we try to open the URL we are using to  make a callout to external system in any browser we will encounter the security exception.The below image shows how our browser will behave once encountering such SSL exception.


2)This happens when the external system we make callout from the salesforce does not have valid SSL certificate 

For the JAVA client we have solution on the discussion board .http://boards.developerforce.com/t5/General-Development/PKIX-path-building-failed/td-p/128332

There are two very popular way of implementing authenticated Callouts 

1)one-way SSL/certificate security
2)Two-way SSL 

1)One-Way SSL is easiest implementation :

This blog explains the process for cast iron and i must thank the author of blogger post for such wonderful explanation

So if the external server implements this the problem gets solved straight away.

2)Two-way SSL :
Thanks to the developer.force.com of salesforce that we have an excellent article on how to configure this on salesforce end 

We have a list of SSL certifcates that are accepted by salesforce and verified .Here is the link to the document

Popular posts from this blog

TLS 1.0 has been disabled For Sandbox - Salesforce

Salesforce has finally disabled TLS 1.0 in sandboxes .This is in preparation for disablement later in 2017 for PRODUCTION instances .

Now this would have not impacted your integrations in PRODUCTION org but if your integration is broken in your sandbox ,this means you have only few months to sort this and fix before this affects your integration for PROD live users .
Before we deep drive on how to possibly fix this and work with your external systems to figure solution ,lets first understand what is TLS and why did SFDC moved to 1.x and had to disable TLS 1.0
TLS 1.0 Explained























TLS 1.1 Improvements 
Added protection against cipher-block chaining (CBC) attacks. Support for IANA registration of parameters.

Clearly TLS 1.1 is more secure(Compared to 1.0) and protects salesforce resources against CBC attacks .
Identify if this change broke anything .The things that can be affected in your instances are as below Web requests to Salesforce URLs that require authenticationWeb requests to the login pag…

Opening Modal Using Lightning Component Framework of SFDC

One of my friend from India threw a challenge .The challenge was to open a modal by using latest and greatest lightning components framework and modals design from SLDS .For the love of community I thought of sharing the entire code base that I did .

So here we start ..

Business Use Case - Need a handy SalesLeader board component that can be used to display the Sales revenue generated by each sales rep for current year in the order of decreasing total revenue .On click of the tile ,we will show detail opportunity list aggregating the revenue .

The component can be dragged in lightning design experience or in App builder lightning Page .

Video Demonstration-



SalesLeaderBoard from Mohith Kumar Shrivastava on Vimeo.








Frameworks Used -
Lightning Design Systems (SLDS) for CSSLightning Component Framework for client side logicApex aura enabled class for backend logicApproach
The component hierarchy is very important to imagine or mindmap before we dig deeper- SalesLeaderMain
    -SalesLeaderBoard
    …

Customizing Napili Template Of SFDC For Communities - Community Cloud

Recently I have been busy working with salesforce community cloud platform and I am impressed by the new added features of Spring 16 .

You can watch the Release Readiness webinar for more details on what are added features for community cloud 

Lets talk about something which most of client (Either SI or ISV ) would love to have with the Napili template .The first question that clients ask with Napili is its flexibility to customize and tailor to their specific needs .

The very straight forward questions that people familiar with Napili template ask are as follows 

Can I change the CSS and look and feel ?  

Well yes and No ....The new branding editor you can sparingly use CSS and change look and   feel   and community editor can also help you to some extent to change labels and the color and you can really get closer to what you want .Just note that efforts will be high if we want to change the entire template design.

Will i be able to populate data from custom objects and standard objects a…