Question or Problem Statement:
Expanding on a prior article concerning Callout troubleshooting, we have a few more recent known issues with callouts producing failed or “unknown” results in the callout history and their accepted solution involving supported encryption levels and SSL certificates
1. HAProxy - tune.ssl.default-dh-param should be set to 1024 (default). Higher values will cause callouts to fail on some integrations
2. Apache - certain Apache configurations receive handshake failures with Java-based clients when using a certificate with more than 1024 bits? See link below for solution, in short a change in Apache configuration in mod_ssl is required
3. SSL Certificate - Zuora callouts require a CA signed certificate at the receiver endpoint. We do not support self-signed SSL certificates in our callout process.
4. Standard SSL port 443 only - Zuora callouts must be made on standard SSL port (443). Reconfiguring callout URL to a different port is not supported.