How to use Self-Signed CA for 2-way SSL?


I would like to use the Self-Signed CA of Salesforce to build a 2-way SSL connection with my Web Server. The Web Server is built on Apache 2.2 and the 1-way SSL test is fine. In the 2-way SSL test, the CA-Signed certificate of Salesforce is OK.

When I use the Self-Signed CA of Salesforce, it seems Apache can't verify the client CA from Salesforce.

I use OpenSSL to verify the client CA, like this:

openssl verify -CAfile SFDC.cer  SFDC.cer

and got the following error,

error 20 at 0 depth lookup:unable to get local issuer certificate

I guess there is something wrong with Salesforce's self-signed CA.

Does anyone have the same experience?

Attribution to: Jia Hu

Possible Suggestion/Solution #1

This is a known bug of the latest versions of macports' port of openssl 1.0.1 and has nothing to do with Salesforce's self-signed CA.

See this link for reference and a workaround

I hope this helps.

Attribution to: Gaurav Kheterpal

Possible Suggestion/Solution #2

I have blogged a 5-part article series about setting up two-way SSL authentication with Salesforce and you can find it here. Though this article deals with Salesforce and IBM Websphere Cast Iron, the technique and most of the steps apply to Apache as well. Check it out to see if that helps.

Attribution to: Tech Matrix
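
A way to check whether a certificate file such as the SFDC.cer from the question is really self-signed before passing it as its own -CAfile, as an added example that is not part of the original question or answers. The certificates are constructed throwaway ones, and the function names, file names and subjects are assumptions.

```shell
#!/bin/sh
# Added example: function names, file names and subjects are assumptions.
# Input certificates are expected in PEM format.

# is_self_signed CERT
#   0 = issuer equals subject AND the signature verifies with its own key
#   1 = issued by another certificate (that issuer is needed as trust anchor)
#   2 = file could not be parsed
is_self_signed() {
    cert=$1
    subj=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) || return 2
    iss=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$iss" ] || return 1
    # Same name is not enough: the signature must also check out against itself.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 || return 1
}

# Build constructed sample certificates in directory $1:
#   self.pem (self-signed), ca.pem + leaf.pem (a CA and a client cert it signed)
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-self-signed" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_certs "$tmp" || { rm -rf "$tmp"; return 1; }
    for f in self ca leaf; do
        if is_self_signed "$tmp/$f.pem"; then
            echo "$f.pem: self-signed, can be its own -CAfile"
        else
            echo "$f.pem: not self-signed, verify it against its issuer"
        fi
    done
    # The leaf verifies only with its issuing CA as the trust anchor.
    openssl verify -CAfile "$tmp/ca.pem" "$tmp/leaf.pem"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```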
This content is remixed from stackoverflow or stackexchange. Please visit