Loading

SSL Certificate Not Trusted Error During Salesforce Single Sign-On (SSO) Authentication

Julkaisupäivä: May 4, 2026
Kuvaus

During Single Sign-On (SSO) authentication in Salesforce via Chatter Desktop, Chatter Mobile, or Salesforce for Outlook, users may encounter SSL certificate trust errors if the server certificate is self-signed or if the intermediate SSL certificate chain is incomplete.
The following error messages are typically displayed in these scenarios:
Internet Explorer 7+ / Chrome:
"The security certificate presented by this website was not issued by a trusted certificate authority."
Firefox 3+:
"www.example.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown."
"www.example.com uses an invalid security certificate. The certificate is not trusted because it is self signed."

Ratkaisu

Note: The information in this article applies to both Salesforce Classic and Lightning Experience.
To resolve SSL certificate trust errors during Salesforce SSO, confirm that your SSL server certificate and intermediate server certificate are properly installed. Use an SSL checker tool (such as DigiCert SSL Checker) to diagnose your installation — enter your server name and the tool will identify the exact cause of the error.
Browsers are built with a list of trusted certificate providers (such as DigiCert) pre-installed. When a site's certificate provider cannot be found on that list, the browser warns that the certificate authority is not trusted. Firefox 3+ will additionally distinguish between a self-signed certificate and other untrusted issuer certificates.

Self-Signed Certificate Issue

A self-signed certificate is generated by your own server rather than by an intermediate certificate vendor such as DigiCert, and it does not reference the intermediate certificate in the "Issuer" field. Self-signed certificates are flagged as "not trusted" by browsers.
To resolve this issue, generate a new Certificate Signing Request (CSR) from your server and reissue the certificate through your certificate vendor's account. For DigiCert: log in to your DigiCert account, click the order number, and then click the reissue link.

Intermediate Certificate Issue

The most common cause of the "trusted certificate authority" error is that the SSL certificate installation was not properly completed on the server hosting the site. When checked with an SSL certificate tester, an incomplete installation shows only one certificate file and a broken red chain.
To resolve this, install the intermediate certificate (also called a chain certificate) file on your server. For DigiCert certificates: log in to your DigiCert account, click the order number, select the certificate download link, and download the file named DigiCertCA.crt. Follow your server-specific installation instructions to install the intermediate certificate file.
After importing the intermediate certificate, verify the installation using the SSL certificate tester. A properly installed certificate chain shows multiple certificate files connected by an unbroken blue chain.

Knowledge-artikkelin numero

000385793

 
Ladataan
Salesforce Help | Article