Replace Salesforce certificate


'Certificates and Key Management' section helps you with generating self-signed certificates and manage all your certificates (self and 3rd party).

When you visited this page, you would have noticed that one of your certificates has an Expiration Date that is in the near future.

You have to take the following steps to fix this.

1. Generate a new certificate

2. Find where you are using the old certificate and replace it. For example, Identity Provider, REST Service, etc.

There are few places where a self-signed certificate could be used:

1. Identify Provider - If you are using SFDC as IDP for Single Sign On. You can find it under Setup >> Administer >> Security Controls >> Identity Provider.

2. Single Sign-On Settings - If you are using SFDC as Consumer for Single Sign On. You can find it under Setup >> Administer >> Security Controls >> Single Sign-On Settings.

If your certificate is used in one of the above places, it is quite intuitive to edit this screen and replace the certificate.

3. Installed Packages / Connected Apps.

Some of the third party apps could use your Self-Signed Certificates (Environment Hub is an example).
You can look at them in Setup >> Build >> Installed Packages

Connected Apps will be same procedure as above. But you will find the connected apps under Setup >> Manage Apps >> Connected Apps.

4. Outbound messages - Setup >> Build >> Workflow & Approvals >> Outbound messages

The 3rd party has to change the certificate as well on their side.

For more information please see articles below:

Certificates and Keys

How to replace certificate that has expired in Single Sign-On settings?

Was this article helpful?
0 out of 0 found this helpful


Powered by Zendesk