Mutual Client Certificate Authentication

  • Question

  • I need assistance implementing Client Certificate Authentication to authenticate or authorize a Salesforce application to communicate with an on-premise API to exchange data. We are already using IP filtering at the FW level and SSL Certificates for encryption. We only want a system/service with possession of the client certificate to be able to communicate with our API.

    In addition, the communication will happen via port 443 but not via browser.

    The developer has provided the following link as instructions on how to implement, but it did not work in my testing.

    https://blog.restcase.com/restful-api-authentication-basics/

    I've been scouring YouTube and Google for answers - I get a ton of mixed information and need a solid implementation guide.

    Any assistance or guidance would be greatly appreciated. I have already spent a tremendous amount of time trying to identify and implement client certificate authentication.

    -Steve

    Thursday, June 27, 2019 6:35 PM

All replies

  • I am the developer that is working with Steve.

    We set up a mutual authentication (client certificate) system similar to what is described here:

    https://medium.com/@hafizmohammedg/configuring-client-certificates-on-iis-95aef4174ddb

    After doing so, calling from the machine name works (bound to custom port 4433) and uses the client certificate:

    https://mymachinename.myinternaldomain.local:4433/Index.html

    However, using the DNS name configured on the 443 binding throws a 403.7 error (the IIS log shows sc-win32-status=64, ERR_CONNECTION_RESET):

    https://myapp.mydomain.com:443/Index.html

    I am wondering if perhaps something additional needs to be configured beyond what is on that site (perhaps something in NetScaler or the gateway DNS machine).

    Wednesday, July 3, 2019 3:31 PM
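
Added example (not part of the original thread): a small parser that summarizes IIS W3C log entries per host and port, so the 403.7 (client certificate required) rejections on the 443 binding can be compared with the working 4433 binding. The log lines are constructed for illustration, and the script assumes the `cs-host`, `s-port`, `sc-status`, `sc-substatus` and `sc-win32-status` fields are enabled in IIS logging.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-port cs-method cs-uri-stem cs-host sc-status sc-substatus sc-win32-status
2019-07-03 15:20:01 4433 GET /Index.html mymachinename.myinternaldomain.local:4433 200 0 0
2019-07-03 15:21:10 443 GET /Index.html myapp.mydomain.com 403 7 64
2019-07-03 15:21:42 443 GET /Index.html myapp.mydomain.com 403 7 64
2019-07-03 15:22:05 443 GET /favicon.ico myapp.mydomain.com 404 0 2
"""


def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))


def client_cert_rejections(text):
    """Count 403.7 (client certificate required) responses per (host, port)."""
    total, rejected, win32 = Counter(), Counter(), {}
    for row in parse_w3c(text):
        key = (row.get("cs-host", "-"), row.get("s-port", "-"))
        total[key] += 1
        if row.get("sc-status") == "403" and row.get("sc-substatus") == "7":
            rejected[key] += 1
            win32.setdefault(key, set()).add(row.get("sc-win32-status", "-"))
    return {k: {"requests": total[k], "rejected_403_7": rejected[k],
                "win32_status": sorted(win32.get(k, []))} for k in total}


if __name__ == "__main__":
    for (host, port), stats in client_cert_rejections(SAMPLE_LOG).items():
        print(host, port, stats)
```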