Effect of "Salesforce Server replacing their certificate from Symantec to DigiCert" on Tibco ActiveMatrix BusinessWorks plug-in for Salesforce.com

Article ID: KB0082749

Products Versions
TIBCO ActiveMatrix BusinessWorks Plug-in for Salesforce.com 2.4.1, 2.5.0, 2.5.0

Description

A future release of Google Chrome will no longer support Symantec-issued HTTPS certificates, so Salesforce is replacing its Symantec-issued server certificates with new DigiCert-issued certificates.

Some examples of Salesforce certificates impacted by this change are:

*.salesforce.com, *.my.salesforce.com (My Domain), [instance].force.com, login.salesforce.com, test.salesforce.com, *.cloudforce.com (Branded Login)

These changes will start to take place from January 8, 2018 onwards, and the process will carry on until February 8, 2018.

Users of web browsers and most software, including Salesforce's desktop and mobile apps, are expected to see no impact from this change. Some middleware solutions, however, may require a configuration update to trust the DigiCert root certificate, the DigiCert intermediate certificate, and the relevant DigiCert-signed Salesforce certificates.

Issue/Introduction

Effect of "Salesforce Server replacing their certificate from Symantec to DigiCert" on Tibco ActiveMatrix BusinessWorks plug-in for Salesforce.com.

Environment

Tibco ActiveMatrix BusinessWorks 5.13

Resolution

For middleware and integrations (such as Tibco ActiveMatrix BusinessWorks), the following test checks the compatibility of an API client that uses SOAP to communicate with Salesforce:

1. Set up an API client in a test environment.
2. In that test environment, change the API client's login endpoint hostname from login.salesforce.com or [MyDomain].my.salesforce.com to https://certtest.force.com. As an example, change https://login.salesforce.com/services/Soap/u/32.0 to https://certtest.force.com/services/Soap/u/32.0 while leaving the path as-is.
3. Log in with that API client.
4. If you see an error message that resembles the following: "INVALID_LOGIN: Invalid username, password, security token; or user locked out." or "Content is not allowed in prolog.", then this test passed and your integration trusts DigiCert-signed certificates. The presence of this response means that the underlying TLS connection was successful, despite the higher-level error. The TLS connection is the focus of this test.
5. If you instead see an error message that involves TLS or HTTPS, then the test has failed. Your API client will require adjustments to its list of trusted certificate authority certificates to trust DigiCert-signed certificates.
  
At this moment, with certtest.force.com as the endpoint hostname, we get the following error:
"INVALID_LOGIN: Invalid username, password, security token; or user locked out."

The presence of this response means that the underlying TLS connection was successful, despite the higher-level error. The TLS connection is the focus of this test.
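
The pass/fail rule of the test above can be scripted. The following is an added example, not code from TIBCO or Salesforce: `classify_client_error` applies the rule to the error text the API client reports, and `probe_tls` repeats the handshake against certtest.force.com from the same host. It assumes that the TLS failure markers are typical Java wording (they are not listed in this article) and that `cafile`, if used, is a PEM export of the client's trusted certificates.

```python
import socket
import ssl

# Application-level errors the article treats as proof that TLS succeeded.
TLS_OK_MARKERS = ("INVALID_LOGIN", "Content is not allowed in prolog")
# Assumed markers of a TLS/HTTPS failure (typical Java/OpenSSL wording, not from the article).
TLS_FAIL_MARKERS = ("SSLHandshakeException", "PKIX path building failed",
                    "certificate verify failed", "unable to find valid certification path")


def classify_client_error(message):
    """Map the API client's login error to the article's pass/fail verdict."""
    text = message.lower()
    if any(m.lower() in text for m in TLS_FAIL_MARKERS):
        return "fail"          # trust store needs the DigiCert CA certificates
    if any(m.lower() in text for m in TLS_OK_MARKERS):
        return "pass"          # handshake completed; only the login was rejected
    return "inconclusive"


def probe_tls(host="certtest.force.com", port=443, cafile=None, timeout=10):
    """Handshake with `host`, trusting only `cafile` (PEM) if given, else system CAs."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "pass", issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        return "fail", exc.verify_message      # chain not trusted or hostname mismatch
    except ssl.SSLError as exc:
        return "fail", str(exc)                # other TLS-level failure
    except OSError as exc:
        return "inconclusive", str(exc)        # DNS, routing or firewall, not a trust problem


if __name__ == "__main__":
    # Constructed sample messages, followed by a live probe (needs network access).
    for sample in ("INVALID_LOGIN: Invalid username, password, security token; or user locked out.",
                   "javax.net.ssl.SSLHandshakeException: PKIX path building failed"):
        print(classify_client_error(sample), "<-", sample)
    print(probe_tls())
```

A "pass" from `probe_tls` only shows that the trust anchors Python loaded accept the DigiCert chain; the BusinessWorks client's own trusted certificates are still what decides the result of the login test.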

Additional Information

https://help.salesforce.com/articleView?id=000269027&language=en_US&type=1