Sunday, 23 December 2012

Handling PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException exception in SFDC Callout

Recently i encountered an exception during making a Callout to the external service .Being an apex developer and unfamiliar with SSL concept much with no luck after googling i tried posting the question in stackexchange Stackexchange link.I am thankful to the Martin Peters for helping me on this .

Through this blog post i would like to document few points i learned on cause of this exception and also i will indicate the solution and resources we have that can help us to get rid of this exception

1)First way to identify this exception is if we try to open the URL we are using to  make a callout to external system in any browser we will encounter the security exception.The below image shows how our browser will behave once encountering such SSL exception.


2)This happens when the external system we make callout from the salesforce does not have valid SSL certificate 

For the JAVA client we have solution on the discussion board .http://boards.developerforce.com/t5/General-Development/PKIX-path-building-failed/td-p/128332

There are two very popular way of implementing authenticated Callouts 

1)one-way SSL/certificate security
2)Two-way SSL 

1)One-Way SSL is easiest implementation :

This blog explains the process for cast iron and i must thank the author of blogger post for such wonderful explanation

So if the external server implements this the problem gets solved straight away.

2)Two-way SSL :
Thanks to the developer.force.com of salesforce that we have an excellent article on how to configure this on salesforce end 

We have a list of SSL certifcates that are accepted by salesforce and verified .Here is the link to the document

Introducing Lightning Base Components

Lightning Base Components are great addition to the platform and in fact revolutionary .One of the concerns around lightning component ...