|Available in: All Editions|
|To create, edit, and manage certificates:||“Customize Application”|
After you create a CA-signed certificate
, you must do the following before the certificate is active and you can use the certificate.
- From Setup, click Download Certificate Signing Request. , click the name of the certificate, then click
- Send the certificate request to the certificate authority of your choice.
- After the certificate authority sends back the signed certificate, from Setup, click Upload Signed Certificate. , click the name of the certificate, then click
- Click Browse to locate the CA-signed certificate. The CA-signed certificate must match the certificate created in Salesforce. If you try to upload a different CA-signed certificate, the upload fails.
- Click Save to finish the upload process. Click Cancel at any time to not upload the certificate.
After you successfully upload the signed certificate, the status of the certificate is changed to Active and you can use CA-signed certificate.
A certificate chain is an hierarchical order of certificates where one certificate issues and signs another certificate lower in the hierarchy. Upload a certificate chain as a single PEM-encoded CA-signed certificate representing the concatenated chain of certificates. The uploaded certificate chain needs to include the intermediate certificates in the following order.
- Start with the server or client certificate and then add its signing certificate.
- If more than one intermediate certificate exists between the server or client certificate and the root, add each certificate as the one that signed the previous certificate.
- The root certificate is optional, and generally should not be included.