For my studies for the Certified Salesforce Advanced Admin I needed to understand the various code deployment options for the force.com platform, including the Force.com IDE based on Eclipse. Installing the IDE was pretty straightforward, and creating a force.com project and adding an APEX trigger was likewise easy. As I like to understand what’s going on under the covers, I went to inspect the traffic, but of course everything is encrypted using TLS, so I went to my favorite tool for these kinds of tasks – Charles Proxy. This tool allows inspecting all traffic, including by acting as a man in the middle of TLS connections.
To make this work, however, you need to add the Charles Proxy TLS certificate to the Java keystore of the Java runtime you are using. Please note that adding the certificate to the Keychain on Mac is not sufficient, as all traffic from Eclipse goes through Java. On Mac the keystore is most likely something like the cacerts file in /Library/Java/JavaVirtualMachines/jdk1.8.0_112.jdk/Contents/Home/jre/lib/security (replace the Java version with your actual version). To import, do as follows:
- Get a PEM version of the certificate – in Charles this is done from the Help menu
- Open a Terminal and run something like this (assuming Java is on your path):
    sudo keytool -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_112.jdk/Contents/Home/jre/lib/security/cacerts -import -v -alias CharlesProxy -file ~/Downloads/Axiom-IdpCert.cer
- Agree to trust the cert – otherwise what’s the point?!
- Now restart Force.com IDE and set up Eclipse to proxy through Charles Proxy (in Settings, search for proxy and fill in HTTP/HTTPS proxying)
- Configure Charles Proxy to enable TLS proxying for both “login.salesforce.com” and the actual hostname of your org depending on whether you are using a custom domain or simply the pod name
Now traffic can be inspected and the requests are visible, including the login request to login.salesforce.com, where you can see the endpoints, org ID etc. The 15-digit org ID is used to compose the URL for the tooling API so the force.com IDE knows where to send data about classes, triggers etc.
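
A trusted proxy CA in cacerts affects every Java program on that runtime, so it is worth confirming which trust store Eclipse really uses and removing the alias once the inspection is done. The helper functions below are an added example, not part of the original post: their names are hypothetical, the eclipse.ini path is a placeholder, and the keytool calls assume the store still has the stock password "changeit".

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the JVM home named by the -vm entry of an eclipse.ini, if any.
# A -vm value that does not end in bin/java or bin is printed unchanged.
java_home_from_ini() {
    vm=$(awk 'prev == "-vm" { print; exit } { prev = $0 }' "$1")
    [ -n "$vm" ] || return 1
    case "$vm" in
        */bin/java) vm=${vm%/bin/java} ;;
        */bin)      vm=${vm%/bin} ;;
    esac
    printf '%s\n' "$vm"
}

# Print the trust store of a Java home: Java 8 JDKs keep it under jre/,
# Java 9 and later (and standalone JREs) directly under lib/.
find_cacerts() {
    for rel in jre/lib/security/cacerts lib/security/cacerts; do
        if [ -f "$1/$rel" ]; then
            printf '%s\n' "$1/$rel"
            return 0
        fi
    done
    echo "no cacerts file under $1" >&2
    return 1
}

# Succeed if ALIAS is present in STORE. Assumes the store still has the
# stock password "changeit".
has_alias() {
    keytool -list -keystore "$1" -storepass changeit -alias "$2" >/dev/null 2>&1
}

# Remove ALIAS from STORE once the inspection session is over.
remove_alias() {
    sudo keytool -delete -keystore "$1" -storepass changeit -alias "$2"
}

# Typical use after debugging (paths depend on your installation):
#   store=$(find_cacerts "$(java_home_from_ini /path/to/eclipse.ini)")
#   has_alias "$store" CharlesProxy && remove_alias "$store" CharlesProxy
```

If eclipse.ini has no -vm entry, Eclipse starts with whichever Java it finds on the system, and that runtime's home is the one to pass to find_cacerts.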