A certificate authority-signed (CA-signed) certificate can be a more authoritive way to to prove that your organization's data communications are genuine. You can generate this type of certificate and upload it to Salesforce.
|Available in: both Salesforce Classic and Lightning Experience|
|Available in: All Editions|
|To create, edit, and manage certificates:||“Customize Application”|
From Setup, search for Certificate and Key Management in the Quick Find box.
Select Create CA-Signed Certificate.
Enter a descriptive label for the Salesforce certificate.
This name is used primarily by administrators when viewing certificates.
Enter the Unique Name. You can just accept the name that's automatically populated based on the certificate label you enter.
This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. Use the Unique Name when referring to the certificate using the Force.com Web services API or Apex.
Select a Key Size for your certificate and keys.
We recommend that you use the default key size of 2048 for security reasons. Selecting 2048 generates a certificate using 2048-bit keys and is valid for two years. Selecting 1024 generates a certificate using 1024-bit keys and is valid for one year.
Once you save a Salesforce certificate, you can’t change its type or key size.
Enter the following information.
These fields are joined together to generate a unique certificate.
|Common Name||The fully qualified domain name of the company requesting the signed certificate. This is generally of the form: http://www.mycompany.com.|
|Email Address||The email address associated with this certificate. |
|Company||Either the legal name of your company, or your legal name.|
|Department||The branch of your company using the certificate, such as marketing or accounting.|
|City||The city where the company resides.|
|State||The state where the company resides.|
|Country Code||A two-letter code indicating the country where the company resides. For the United States, the value is US.|
After you save a Salesforce certificate, the certificate and corresponding keys are automatically generated.
Find your new certificate from the certificates list, then click Download Certificate Signing Request.
Downloaded certificate signing requests have .csr extensions.
Send the certificate request to the certificate authority of your choice.
After the certificate authority sends back the signed certificate, go back to Certificate and Key Management, click the name of the certificate, then click Upload Signed Certificate.
The CA-signed certificate must match the certificate created in Salesforce. If you try to upload a different CA-signed certificate, the upload fails.
Click Save to finish the upload process.
After you upload the CA-signed certificate, the status of the certificate is changed to Active and you can use it.
If you need to change something in a certificate you’ve uploaded, just upload it again; no need to start over with a new key and certificate. When you upload again, published site domains are automatically republished if they have at least one Force.com site or community. The expiration date of the certificate record is updated to the expiration date of the newly uploaded certificate.
You can have a maximum of 50 certificates.