Use mutual authentication for your organization by creating a mutual authentication certificate.
Available in: both Salesforce Classic and Lightning Experience
Available in: Enterprise, Performance, Personal, Unlimited, Developer, and Database.com Editions
To create, edit, and manage certificates: “Customize Application”
If you don’t see the Upload Mutual Authentication Certificate option on the Certificate and Key Management page, contact Salesforce to enable the feature.
Follow these steps to upload a certificate.
- Click Upload Mutual Authentication Certificate.
- Give your certificate a label and name and click Choose File to locate the certificate.
- Click Save to finish the upload process.
- Enable the “Enforce SSL/TLS Mutual Authentication” user permission for an “API Only” user. This “API Only” user configures the API client to connect on port 8443 to present the signed client certificate.
Note that the client certificate must include any intermediate certificates in the certificate chain when contacting port 8443.
A certificate chain is a hierarchical order of certificates where one certificate issues and signs another certificate lower in the hierarchy. Upload a certificate chain as a single PEM-encoded CA-signed certificate representing the concatenated chain of certificates. The uploaded certificate chain must include the intermediate certificates in the following order.
- Start with the server or client certificate and then add its signing certificate.
- If more than one intermediate certificate exists between the server or client certificate and the root, add each certificate as the one that signed the previous certificate.
- The root certificate is optional, and generally should not be included.
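The ordering rule above can be checked before upload. The following is an added example, not Salesforce code: it reads a concatenated PEM chain and confirms that each certificate's issuer name matches the subject name of the certificate after it, and flags a trailing root. It compares names only and does not verify signatures; the function names are hypothetical and the sample certificates are constructed, unsigned DER skeletons.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_and_issuer(der_bytes):
    """Extract the raw DER subject and issuer Names from one certificate."""
    _, pos, _ = read_tlv(der_bytes, 0)      # Certificate ::= SEQUENCE
    _, pos, end = read_tlv(der_bytes, pos)  # TBSCertificate ::= SEQUENCE
    fields = []
    while pos < end and len(fields) < 5:
        tag, _, nxt = read_tlv(der_bytes, pos)
        if tag != 0xA0:                     # skip the optional [0] version
            fields.append(der_bytes[pos:nxt])
        pos = nxt
    return fields[4], fields[2]             # fields: serial, sigAlg, issuer, validity, subject

def check_chain_order(pem_text):
    """Return findings for a concatenated PEM chain; an empty list means the order is fine."""
    certs = [subject_and_issuer(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not certs:
        return ["no certificates found"]
    findings = []
    for i in range(len(certs) - 1):
        # Byte-wise Name comparison: an approximation of RFC 5280 name matching.
        if certs[i][1] != certs[i + 1][0]:
            findings.append(f"certificate {i + 1} was not issued by certificate {i + 2}")
    if len(certs) > 1 and certs[-1][0] == certs[-1][1]:
        findings.append("last certificate is self-issued (root); it is optional and usually omitted")
    return findings

# Constructed sample input: unsigned DER skeletons carrying only the name fields.
def der(tag, body):
    return bytes([tag, len(body)]) + body   # short-form length is enough for the sample
def sample_cert(subject, issuer):
    name = lambda cn: der(0x30, der(0x31, der(0x30, b"\x06\x03\x55\x04\x03" + der(0x0C, cn.encode()))))
    tbs = der(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + der(0x30, b"") + name(issuer) + der(0x30, b"") + name(subject)
    b64 = base64.b64encode(der(0x30, der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    leaf, inter = sample_cert("api-client", "Issuing CA"), sample_cert("Issuing CA", "Root CA")
    print(check_chain_order(leaf + inter), check_chain_order(inter + leaf))
```

To check a real bundle, pass the contents of the PEM file you intend to upload to `check_chain_order`.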