When attempting to connect to a web server or URL endpoint from Salesforce using a callout, you may encounter the following error:PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
This article explains why this error occurs and how to resolve it.
Why This Error Occurs
The main reason for this error is that the endpoint is presenting an invalid SSL certificate chain during the SSL Handshake. The server sends its own certificate along with its signing chain, but one or more intermediate certificates are incorrect.
For a valid SSL certificate chain, each certificate's subject field must match the issuer field of the next certificate in the chain. If this chain is broken, Salesforce rejects the connection with the PKIX path validation error.
How to Fix
The endpoint administrator must correct the certificate chain so that the certificate's subject equals the current certificate's issuer.This is a server-side fix that must be performed by the team managing the external endpoint.
How to Validate Using OpenSSL (Third-Party Tool)
OpenSSL is a third-party, open-source tool (not supported by Salesforce) that can be used to inspect the certificate chain presented by an endpoint. To view the certificates being sent, run the following command in a terminal, replacing hostname:port with your target endpoint:openssl s_client –showcerts –connect hostname:port
This command displays the full list of certificates sent by the server. Review the list to verify whether the certificate chain is properly installed and that the subject/issuer names are correctly chained.
Note: OpenSSL is a third-party tool and falls outside the scope of Salesforce Technical Support.
000385068

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.