function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Meredith Curry 10Meredith Curry 10 

Received "SFDC Expiring Certificate" Notification

I and some other colleagues received this notification via email to all our System Administrators:

"You have one or more certificates in your Salesforce org California College Guidance Initiative [org ID here] that will expire soon. Please review the list below and visit Certificate and Key Management from Setup to make an update.
 
   - SelfSignedCert_20Nov2013_203932, Self-Signed, expires on 11/20/2015. Warning: This certificate will expire in 30 day(s)"

Does anyone have any tips as to how I can check if letting this expire impacts us or not? Has anyone else seen this?
Andy BoettcherAndy Boettcher
If your org uses Single Sign On or another connection (perhaps integration?) to another system that required the use of the certificate (created back on 20Nov2013), then yes - you need to create a new self-signed cert and install that on the remote system.  Worst case scenario is that whatever connection is using that certificate will just flat stop working.  (authentication or data transfer)

Can you get in contact with the people/company that cut that key back in 2013 and ask them what they were using it for?
Meredith Curry 10Meredith Curry 10
Thanks so much for responding Andy! I am not familiar with my org even having Single SIgn On, but we do have third-party apps from the appexchange installed. Is there any listing of possible vendors/companies that I could check? Is it a matter of referring to my installed apps or is there somewhere else in Setup where I can see who our org has integration with?
Andy BoettcherAndy Boettcher
That's correct Meredith - check your installed apps to start.
Lynn Vieira PMLynn Vieira PM
Meredith, did you ever figure this out? I received the same email and have no idea what the certificate is for.   We have no integrations or single sign on, and it doesn't help looking at the couple of third party apps we've installed.
Meredith Curry 10Meredith Curry 10
Hi Lynn, unfortunately no I haven't made any headway. I looked at the apps that my instance and other colleague's SF instances shared, and after emailing them (VerticalResponse), they confirmed we shouldn't need something like this. Our SF Account Executive shared this link with us: https://help.salesforce.com/HTViewHelpDoc?id=security_keys_creating.htm&language=en_US (https://help.salesforce.com/HTViewHelpDoc?id=security_keys_creating.htm&language=en_US" target="_blank). I decided to go ahead and create the certificate just in case, and if there's any functionality that stops working correctly after the certificate expires, then I'll know who to send the certificate to. Not sure that's really the best strategy, but not sure what else to do.

If anyone has any other suggestions, I still have 8 days before our original certificate expires. Any feedback is appreciated!
tlfutlfu
Do you use Environment Hub to connect to your org? In my case, it looks like the certificate generated when I connected my org to an Environment Hub instance nearly two years ago is now expiring. 
Meredith Curry 10Meredith Curry 10
Thanks for sharing Tom! No, we don’t use an environment hub or anything like that. Hopefully that answers it for others though. Thanks! Meredith Curry, Director of Operations C (310) 801-9349 [logo_low res] Visit CaliforniaColleges.edu​​ for career or college planning. Visit CCGI Solutions for additional resources.
Venkat 163Venkat 163
Hi Tom,
I received the same email and we are using Environment Hub,Now how can i extend my certificate expiring date.
 
ScionicsScionics
Anyone got a resolution for this, particulalry in the context of Envirnment Hub (if that is the initiator of the certificate).
Brian Harris 7Brian Harris 7
I was having the same problem and after much search, i found out that the custom cert was being used for my custom domain name login.  I created a new self signed cert, and then went to the "Identity Provider" section to swap out the old cert for the new one. once the old cert was no longer in use, i was able to delete it.
Sirish SurisettySirish Surisetty
Thanks, Meredith Curry for SF Account Executive shared this link with us: https://help.salesforce.com/HTViewHelpDoc?id=security_keys_creating.htm&language=en_US (https://help.salesforce.com/HTViewHelpDoc?id=security_keys_creating.htm&language=en_US" target="_blank).
Nathan WylderNathan Wylder
Brian Harris 7, this was exactly what I needed! Thanks to Sirish Surisetty for the link as well. I was able to remedy this with both of these bits of info. Thanks so much for sharing.
Mike ArthurMike Arthur
There is a very helpful article by Fabrice here - https://saas-components.com/sfdc-expiring-certificate/
Kim Creese 5Kim Creese 5
Thanks Brian Harris - what I needed as well.
Kim Creese 5Kim Creese 5
I had luck by searching Identity Provider in Setup – then selected your newly created certificate (that expires in a year) in the Label field. Thanks much. Kim Creese Salesforce Application Specialist #HGsig T 1-519-578-2740 ext 256 C 1-519-504-5246 E Kim.Creese@hendrix-genetics.com [cid:image001.jpg@01D504B6.445C3430] Hendrix Genetics Ltd 650 Riverbend Drive, Suite C Kitchener, ON N2K 3S2 Canada
Bryan EhrenfreundBryan Ehrenfreund
Thx Kim Creese 5 for sharing!  I received the Expiring Certificate Notification this morning.  Like others stated in this thread, I too wasn't aware our org had any external systems needing to use the cert. When I searched as you suggested "Identity Provider" in Setup I discovered it's being used in our Community Portal. Hope that help others. If you have a Community Portal the Self Signed Cert is used there. 
Sandy HilligesSandy Hilliges
I received this message this morning for our sandbox and searched Identity Provider as suggested above and nothing showed up.  We do have Informatica running our integration to our Sanbox, would this be why or what do I need to do?  Need help.
Sochy Eisenberg 3Sochy Eisenberg 3
Thanks, Brian!  👍
Richard Fiekowsky 3Richard Fiekowsky 3
These certificates also are used in SSO. Each SSO settings record refers to one of them. I see no way to extend their expiration date, only a way to create new ones.  It is an annual chore to create new ones, then edit the SSO records to point to the new ones.  I see no way to set the expiration date further out than a year. 
Jagan YellemulaJagan Yellemula
I found a beatiful article wich clarifies this certificate expire scenario
https://giveclarity.org/help-sfdc-expiring-certificate-notification/