Integrating Salesforce with IBM BPM and configuring TLS 1.2


Salesforce is a leading CRM software and enterprise cloud ecosystem. It allows sales people to track their sales and support people to track their cases, and enables the entire company's employees to collaborate with each other.

IBM Business Process Manager provides powerful authoring, testing, deployment, and visibility tools to build and manage better business processes.

It can be challenging to automate business process management workflows that interface with Salesforce—particularly when that is only one of many tasks involved in the overall process. Likewise, human workflow tasks that include Salesforce may be difficult to incorporate into your BPM workflows. Effective Salesforce integration is a “must” if you want to maximize your Salesforce investment.

Before we start developing an integration between Salesforce and IBM BPM, we need to configure Salesforce from the BPM end.

In this post, I describe:

  • How to configure Salesforce integration with IBM BPM
  • TLS version 1.2 configuration with IBM BPM

How to Configure Salesforce Integration with IBM BPM

Salesforce has changed its root signer certificate. With any Salesforce integration in BPM, the new signer certificate needs to be added to the truststore of the BPM server.

For On-Premise BPM

  • Navigate to Security -> SSL certificate and key management -> Key stores and certificates -> CellDefaultTrustStore (or NodeDefaultTrustStore for a standalone setup) -> Signer certificates.

  • Click on the Retrieve from port button.

  • Use the Salesforce-provided URL, which uses the new certificate, to add the certificate to the truststore.
  • Enter the Host and Port, and then click on the Retrieve signer information button.

  • Click on Apply and Save changes.

For BPM on Cloud

Send a ticket to IBM Cloud support to request that the root signer certificate be added to the truststore using the new Salesforce URL.

TLS Version 1.2 Configuration with IBM BPM

To adhere to best practices surrounding data integrity and security, Salesforce needs an upgrade to TLS 1.1.

Transport Layer Security (TLS) is a popular security protocol that helps ensure security and data integrity between applications by verifying that data is going to the correct endpoint. The existing versions of TLS are 1.0, 1.1, and 1.2.

TLS is a key security cornerstone for Salesforce web and API connections, as well as email delivery.

Configuring TLS Version 1.2 with IBM BPM

  • Navigate to Security -> SSL certificate and key management -> SSL configurations.

  • Each node has its own NodeDefaultSSLsetting. The setting above will apply to BOTH inbound and outbound SSL communication.

  • Click on CellDefaultSSLsetting -> Quality of protection (QoP) settings.

  • Change the protocol to TLSv1.2.

  • Click on Apply and then on Save.

  • Update ssl.client.props: modify

This should be performed on all node profiles and on the dmgr profile:

  • Stop Dmgr using command.
  • Start Dmgr using command.
  • Use command on nodes to synchronize.
  • Start all nodes using command.

Java Version Compatibility

Java version 1.6.0 (6.0.0) SR5 and below do not support TLS v1.2. It’s better to upgrade to Java 7 or Java 8 to get TLS v1.2 support.

As of April 2018, Java 6 (also called 1.6.x) will no longer be supported by IBM. You can read more about the announcement here.

This means you need to upgrade to Java 7 or Java 8 to get Java support, not just TLS v1.2 support. Here is more information on BPM Java versions.

As you can see, to get Java 7, you have to upgrade to BPM v8.5.6. To get Java 8, you need to upgrade to BPM v8.6.
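A check worth running with the BPM server's own JVM before switching the QoP protocol, given here as an added example that is not part of the original post: it reports whether the JVM can create a TLSv1.2 context at all and, if so, handshakes with a given host and port offering TLSv1.2 only. The class name TlsCheck is hypothetical, and the program trusts whatever is in the JVM's default truststore, not the BPM cell truststore.

```java
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

// Added example (not from the original post). Written without Java 7+ syntax
// so that it also compiles on the older JVMs it is meant to diagnose.
// Usage: java TlsCheck <host> <port>
public class TlsCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TlsCheck <host> <port>");
            System.exit(2);
        }
        System.out.println("JVM: " + System.getProperty("java.vendor") + " "
                + System.getProperty("java.version"));

        SSLContext ctx;
        try {
            // Throws on a JVM that has no TLSv1.2 implementation.
            ctx = SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("FAIL: this JVM does not support TLSv1.2; upgrade Java first");
            System.exit(1);
            return;
        }
        // null arguments select the default key managers, trust managers and RNG.
        ctx.init(null, null, null);

        SSLSocket sock = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]));
        try {
            // Offer TLSv1.2 only, so a silent fallback cannot hide a misconfiguration.
            sock.setEnabledProtocols(new String[] {"TLSv1.2"});
            sock.startHandshake(); // SSLHandshakeException if the chain is not trusted
            SSLSession s = sock.getSession();
            System.out.println("OK: " + s.getProtocol() + " / " + s.getCipherSuite());
            // Print the presented chain so the issuer can be compared with the signer in the truststore.
            for (Certificate c : s.getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal().getName());
                System.out.println("  issuer =" + x.getIssuerX500Principal().getName());
            }
        } finally {
            sock.close();
        }
    }
}
```

A FAIL line means the protocol change would break SSL on this JVM; an SSLHandshakeException after a successful context creation points to either a trust problem or a peer that does not accept TLSv1.2.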


About the Author


Goutam Giri
Senior Consultant

Goutam is a senior consultant for Prolifics’ Smarter Process practice, specializing in integration and cloud computing. He has experience in implementing various digital transformation projects using business process automation and SOA technologies. He is also a certified Advanced Robotic Process Automation professional and has a keen interest in the field of RPA and machine learning.