As an admin of a Salesforce org, we want to inform you that the April 26th Windows Update no longer impacts the proxy.salesforce.com certificate.
We previously communicated on April 15th and April 22nd that customers with remote https endpoints that use the Microsoft Trusted Root Certificate Program would be impacted by an April 26th Windows certificate update if such https endpoints request or require a client certificate for select Salesforce features.
Salesforce has since learned that Microsoft designed the Windows Update in a way that removes any impact on the proxy.salesforce.com certificate and the Salesforce features outlined below:
| • | SAML with default certificate |
| • | Delegated authentication |
| • | Workflow automated messaging |
| • | AJAX proxy |
| • | PageReference.getContent() |
| • | PageReference.getContentAsPDF( |
Please refer to Microsoft Trusted Root Certificate Program Updates for additional information from Microsoft.
What action do I need to take?
No immediate action is required by customers and partners. However, we still strongly recommend that customers using the proxy.salesforce.com certificate transition to use self-managed certificates for increased security and improved certificate management. Taking this action may also mitigate any future third-party vendor impact to Salesforce features where https endpoints request or require a client certificate for such features.
Where can I get more information?
Review the Salesforce Client Certificate Impacted by Upcoming Microsoft Windows Update article for more information on this update and recommended actions to improve the security of these features and improve certificate manageability. Participate in theCertificate Change Success Community Group to follow the latest updates and discussion on this update.
For additional questions, open a case with Support via the Help & Training portal.
Comments