Generate a Self-Signed Certificate
Generate a certificate signed by Salesforce to show that communications purporting to come from your organization are really coming from there.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: all editions |
| User Permissions Needed | |
|---|---|
| To create, edit, and manage certificates: | Manage Certificates |
- From Setup, in the Quick Find box, search for Certificate and Key Management.
- Select Create Self-Signed Certificate.
- Enter a descriptive label for the Salesforce certificate.
  This name is used primarily by administrators when viewing certificates.
- Enter a unique name. You can use the name that’s automatically populated based on the certificate label that you enter.
  This name can contain only underscores and alphanumeric characters, and it must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. Use the unique name when referring to the certificate using Lightning Platform APIs or Apex.
- Select a key size for your generated certificate and keys. Note that after you save a Salesforce certificate, you can’t change its type or key size.
  Certificates with 2048-bit and 3072-bit keys last one year and are faster than certificates with 4096-bit keys. Certificates with 4096-bit keys last two years and are recommended for Shield Platform Encryption.
  Note: Self-signed certificates are not subject to the new CA/Browser Forum recommendations for signed certificates.
- Save your work.
Downloaded self-signed certificates have .crt extensions.
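Before you give the downloaded .crt file to a relying party, you can confirm that it is self-signed, has the key size you selected, and is not close to expiry. The script below is an added example, not Salesforce code; it assumes the download is PEM-encoded and that OpenSSL is installed, and its function names and sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Salesforce code. Assumes the downloaded .crt is PEM-encoded;
# function names and the sample certificate are constructed for illustration.

# RSA key size in bits, read from the certificate's public key.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# True only if subject equals issuer and the signature verifies with the
# certificate's own key (-check_ss_sig forces that signature check).
cert_is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ] &&
        openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# Report on one certificate; fail if it is not self-signed, has a key size the
# Setup page does not offer, or expires within warn_days (default 30).
inspect_cert() {
    crt=$1; warn_days=${2:-30}; rc=0
    bits=$(cert_key_bits "$crt")
    case $bits in
        2048|3072) echo "key size: $bits bits (page: lasts one year)" ;;
        4096)      echo "key size: $bits bits (page: lasts two years)" ;;
        *)         echo "FAIL: unexpected key size '$bits'"; rc=1 ;;
    esac
    cert_is_self_signed "$crt" || { echo "FAIL: not self-signed"; rc=1; }
    openssl x509 -in "$crt" -noout -enddate -fingerprint -sha256
    openssl x509 -in "$crt" -noout -checkend $((warn_days * 86400)) >/dev/null ||
        { echo "FAIL: expires within $warn_days days"; rc=1; }
    return $rc
}

# Constructed sample standing in for a downloaded certificate.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=constructed-sample" \
    -keyout "$tmp/key.pem" -out "$tmp/sample.crt" 2>/dev/null
inspect_cert "$tmp/sample.crt"
```

The SHA-256 fingerprint it prints is the value to compare out of band with whoever installs the certificate.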

