Question or Problem Statement:
Expanding on a prior article concerning Callout troubleshooting, we have a few more recent known issues with callouts producing failed or “unknown” results in the callout history and their accepted solution involving supported encryption levels and SSL certificates
Solution:
1. HAProxy - tune.ssl.default-dh-param should be set to 1024 (default). Higher values will cause callouts to fail on some integrations
2. Apache - certain Apache configurations receive handshake failures with Java-based clients when using a certificate with more than 1024 bits? See link below for solution, in short a change in Apache configuration in mod_ssl is required
3. SSL Certificate - Zuora callouts require a CA signed certificate at the receiver endpoint. We do not support self-signed SSL certificates in our callout process.
4. Standard SSL port 443 only - Zuora callouts must be made on standard SSL port (443). Reconfiguring callout URL to a different port is not supported.
Supporting References:
http://community.zuora.com/t5/Admin-Settings/Troubleshooting-quot-unknown-quot-result-from-callout-r...
http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh
