Print this page

The Salesforce Client Certificate chain

Knowledge Article Number 000186608
Description What should be the correct order of intermediate certificates in the certificate chain of customer's application (endpoint) server?
Resolution

Your application (endpoint) server must send any intermediate certificates in the certificate chain, and the certificate chain must be in the correct order. The correct order is:

  1. Server certificate.
  2. Intermediate certificate that signed the server certificate if the server certificate was not signed directly by a root certificate.
  3. Intermediate certificate that signed the certificate in step 2.
  4. Any remaining intermediate certificates. Do not include the root certificate authority certificate. The root certificate is not sent by your server. Salesforce already has its own list of trusted certificates on file, and a certificate in the chain must be signed by one of those root certificate authority certificates.




promote demote