|Available in: both Salesforce Classic and Lightning Experience|
|Available in: All Editions|
|To create, edit, and manage certificates:||“Customize Application”|
After you create a CA-signed certificate
, you must do the following before the certificate is active and you can use the certificate.
- From Setup, enter Certificate and Key Management in the Quick Find box, then select Certificate and Key Management, click the name of the certificate, then click Download Certificate Signing Request.
- Send the certificate request to the certificate authority of your choice.
- After the certificate authority sends back the signed certificate, from Setup, enter Certificate and Key Management in the Quick Find box, then select Certificate and Key Management, click the name of the certificate, then click Upload Signed Certificate.
- Click Browse to locate the CA-signed certificate. The CA-signed certificate must match the certificate created in Salesforce. If you try to upload a different CA-signed certificate, the upload fails.
- Click Save to finish the upload process. Click Cancel at any time to not upload the certificate.
After you successfully upload the signed certificate, the status of the certificate is changed to Active and you can use CA-signed certificate.
A certificate chain is a hierarchical order of certificates where one certificate issues and signs another certificate lower in the hierarchy. Upload a certificate chain as a single PEM-encoded CA-signed certificate representing the concatenated chain of certificates. The uploaded certificate chain must include the intermediate certificates in the following order.
- Start with the server or client certificate and then add its signing certificate.
- If more than one intermediate certificate exists between the server or client certificate and the root, add each certificate as the one that signed the previous certificate.
- The root certificate is optional, and generally should not be included.