|Available in: both Salesforce Classic and Lightning Experience|
|Available in: All Editions|
|To create, edit, and manage certificates:||“Customize Application”|

Salesforce offers two types of certificates:
- A self-signed certificate is signed by Salesforce with the SHA-256 signature algorithm. Not all external websites accept self-signed certificates.
- A CA-signed certificate is signed by an external certificate authority (CA). Most external websites accept CA-signed certificates. You must first generate the certificate signing request to send to a CA, and then import the signed version of the certificate before you can use it.
To create a Salesforce certificate:
- From Setup, enter Certificate and Key Management in the Quick Find box, then select Certificate and Key Management.
- Select either Create Self-Signed Certificate or Create CA-Signed Certificate, based on what kind of certificate your external website accepts. You can’t change the type of a certificate after you’ve created it.
- Enter a descriptive label for the Salesforce certificate. This name is used primarily by administrators when viewing certificates.
- Enter the Unique Name. This name is automatically populated based on the certificate label you enter. This name can contain only underscores and alphanumeric characters, and must be unique in your organization. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. Use the Unique Name when referring to the certificate using the Force.com Web services API or Apex.
- Select a Key Size for your generated certificate and keys. We recommend that you use the default key size of 2048 for security reasons. Selecting 2048 generates a certificate that uses 2048-bit keys and is valid for two years. Selecting 1024 generates a certificate that uses 1024-bit keys and is valid for one year.
  Once you save a Salesforce certificate, you can’t change the key size.
- If you’re creating a CA-signed certificate, you must also enter the following information. These fields are joined together to generate a unique certificate.
|Common Name||The fully qualified domain name of the company requesting the signed certificate. This is generally of the form: http://www.mycompany.com.|
|Email Address||The email address associated with this certificate. |
|Company||Either the legal name of your company, or your legal name.|
|Department||The branch of your company using the certificate, such as marketing or accounting.|
|City||The city where the company resides.|
|State||The state where the company resides.|
|Country Code||A two-letter code indicating the country where the company resides. For the United States, the value is US.|
- Click Save.
Downloaded self-signed certificates have .crt extensions. Downloaded certificate signing requests have .csr extensions.
After you successfully save a Salesforce certificate, the certificate and corresponding keys are automatically generated.
You can have a maximum of 50 certificates.
After you create a CA-signed certificate, you must upload the signed certificate before you can use it.
After you create a CA-signed certificate and certificate request, the certificate is not active and you can’t use it until it’s been signed by a certificate authority and uploaded into your organization.
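
As an added example (not Salesforce tooling), the shell functions below use the openssl command-line tool to check a downloaded certificate signing request before it goes to a CA: the self-signature verifies, the key is at least 2048 bits, and the Common Name is the one you intended. `make_sample_csr` and every subject value in it are constructed stand-ins for a real download, so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a downloaded .csr before submitting it to a CA.
# Requires the openssl command-line tool.

# Print the public key size in bits, e.g. 2048.
csr_key_bits() {
  openssl req -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the subject in RFC 2253 form (comma-separated, CN=... among the fields).
csr_subject() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
    sed 's/^subject= *//'
}

# Succeed only if the CSR's self-signature verifies. The message is matched
# because the exit status is not reliable across openssl versions.
csr_signature_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# check_csr FILE EXPECTED_CN [MIN_BITS]: return 0 only if every check passes.
check_csr() {
  local file="$1" want_cn="$2" min_bits="${3:-2048}" bits subject
  csr_signature_ok "$file" || { echo "FAIL: bad self-signature" >&2; return 1; }
  bits=$(csr_key_bits "$file")
  { [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ]; } ||
    { echo "FAIL: key size ${bits:-unknown} < $min_bits" >&2; return 1; }
  subject=$(csr_subject "$file")
  case ",$subject," in
    *",CN=$want_cn,"*) ;;
    *) echo "FAIL: Common Name mismatch in: $subject" >&2; return 1 ;;
  esac
  echo "OK: $bits-bit key, subject $subject"
}

# Constructed stand-in for a downloaded CSR (all subject values are made up).
# The fields map to Country Code, State, City, Company, Department,
# Common Name and Email Address in the table above.
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -subj "/C=US/ST=California/L=San Francisco/O=Example Corp/OU=Marketing/CN=www.example.com/emailAddress=admin@example.com" \
    2>/dev/null
}
```

Run `check_csr downloaded.csr www.example.com` against the real file; a non-zero exit status means the request should not be sent to the CA as is.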