Arpit Bajpai

Self Signed Certificate Expires?

Hello Everyone,

I got an email: "You have one or more certificates in your Salesforce org that will expire soon. Review the list below and visit Certificate and Key Management from Setup to make an update."

I have resolved it using these steps:
There are a few places where a self-signed certificate could be used; I identified those:

1. Identity Provider - If you are using SFDC as IDP for Single Sign On.
2. Single Sign-On Settings - If you are using SFDC as Consumer for Single Sign On.

The certificate is used in the above 2 places; I edited this screen and replaced the old certificate with my newly created certificate.

When I was making these changes I saw the warning message "If you change this certificate, users can't connect to service providers until you reconfigure each service provider to work with the new certificate". ANY OTHER PLACES WHERE I HAVE TO UPDATE THIS NEW CERTIFICATE?

ANY SUGGESTIONS ON HOW TO SOLVE THIS?

Thanks in advance.
Arpit Bajpai
 
Nagendra (Salesforce Developers)
Hi Arpit,

Self-signed certificates are commonly used for single sign-on or callouts to external sites. Read the help article, How to replace a certificate that has expired in Single Sign-On Settings.

If you receive this notification and have already checked those items but are still unable to delete the certificate, please check the following:
The self-signed certificate was likely automatically created because the Salesforce as Identity Provider feature is enabled. This feature requires a certificate to be connected for the feature to be enabled. If you have no records under the "Service Provider" section, you are not using the feature.

Depending on your situation, one of the following two options may help you resolve the issue:

Option 1: Update the Identity Provider settings to use the new certificate.
Option 2: You can choose to disable the option of using Salesforce as an Identity Provider entirely. This will remove the need for the certificate and prevent future expiration messages.
The expiring certificate should now have a "Del" link next to the name, which you can click to delete the certificate. 
Or, if you aren't completely certain the certificate is not in use elsewhere, click "Edit" and choose the option to deactivate the certificate. This allows you to test and ensure nothing was missed when updating to use a new self-signed certificate; then you can delete the certificate after your testing is complete.

Note: The above are the two areas where you need to update your new certificate.

Hope this helps.

Please mark this as solved if it's resolved so that it gets removed from the unanswered queue which results in helping others who are encountering a similar issue.

Thanks,
Nagendra
Arpit Bajpai
Hi Nagendra,

Thanks for your response.

I have already updated the self-signed certificate where it's used in my org, i.e.
  • Identity Provider.
  • Single Sign-On Settings.
But my concern is different. When I was making these changes I saw the warning message "If you change this certificate, users can't connect to service providers until you reconfigure each service provider to work with the new certificate". ANY OTHER PLACES WHERE I HAVE TO UPDATE THIS NEW CERTIFICATE? (I mean on the Service Provider side. Ex: I am using Office 365 as a Service Provider.) For 2-way handshaking, I am asking whether I have to update this newly created certificate in Office 365 also.

Or is there no need to update this on the Service Provider side? I am using the flow where a service provider initiates the login process and uses Salesforce to identify the user.

Please go through this link to understand my point of concern:
https://help.salesforce.com/articleView?id=identity_provider_about.htm&type=0

I want to know whether there is a need to update my newly created certificate on the Office 365 side (Service Provider side) or not?

Thanks,
Arpit
 
Andyux
I have the same question, also using 365. How did you resolve it? Thanks.
kashy kapoor
I was easily able to follow this solution. Please see the link:

https://hi.service-now.com/kb_view.do?sysparm_article=KB0691439
 
MC34
@Arpit @Andyux - did you guys figure this out? If yes, can you guide me step by step? Were you able to do this using Salesforce alone, or did you also connect with other admins of the IdP provider?
Andyux
The certificate was shared with Microsoft A.D. since they provide SSO. There is no way of tracking this certificate; you must contact the IT department that works with Active Directory and SSO. The certificate could be used for other services too if not using SSO; check what other apps are connected to Salesforce.