Trust Store Management

In this section:

This section describes how to configure trust store management.


Top of page

x
Downloading the Root Certificate and Intermediate Certificate

Download the client certificate (sfdc-client.cert) from the Salesforce Web site.

Download the intermediate certificate (for example, symantecclass3ca.cer) and the root certificate (for example, symantecintermediateca.cer) according to the client certificate.


Top of page

x
Importing the Root Certificate and Intermediate Certificate

Use the following command to import the root certificate:

D:\ certificate>keytool -import -alias symantec_root_ca -file  
symantecclass3ca.cer -keystore truststore.jks -storepass iwaysoft 

Use the following command to import the intermediate certificate:

D:\ certificate>keytool -import -alias symantec_intermediate_ca -file  
symantecintermediateca.cer -keystore truststore.jks -storepass iwaysoft 

Top of page

x
Importing the Client Certificate

Before you import the client certificate, verify that the alias is compliant to the certificate.alias key, which is defined in the Salesforce adapter configuration file (LocalStrings.properties). The default is salesforce.

Use the following command to import the client certificate:

D:\certificate>keytool -import -alias salesforce -file sfdc-client.cert 
-keystore truststore.jks -storepass iwaysoft 

Depending on your environment, the following error may be generated during the import process:

keytool error: java.lang.Exception: Input not an X.509 certificate.

As a workaround, you must transform the client certificate format to a Base64 encoded binary format.

Note: Before you continue, make sure that the root certificate is installed.

Perform the following steps:

  1. On a Windows platform, change the file extension to .CER and double-click the file.

    The Open dialog box is displayed.

  2. Select Install Certificate.
  3. Open Internet Explorer®.
  4. From the menu bar, click Tools and select Internet Options from the context menu.

    The Internet Options dialog box opens.

  5. Click the Content tab.
  6. In the Certificates area, click the Certificates button.

    The Certificates dialog box opens.

  7. Select the certificate you imported previously.
  8. Click Export and select Base 64 encoded binary X.509.
  9. Import this format using the following command:
    D:\certificate>keytool -import -alias salesforce -file  
    sfdc-client.cert -keystore truststore.jks -storepass iwaysoft 

WebFOCUS