Loading

SSO Working with Expired Self-Signed Certificate and the IDP is not Salesforce

Publish Date: Dec 4, 2024
Description

You may notice that single sign-on authentication is working fine even if the self-signed certificate used as the "Request Signing Certificate" has expired.

Resolution

An IDP uses the self-signed certificate for secure communication. If the IDP is not Salesforce, the described behavior can occur because the IDP has control over the secure communication.  Salesforce does not have any control over how the IDP works and uses the certificate for ‌communication/authentication purposes.

Use one of the Additional Resource links below to create a new self-signed Salesforce certificate to replace the expired certificate if the desire is to continue to use a self-signed cert solution.

Knowledge Article Number

000392854

 
Loading
Salesforce Help | Article