Set Up and Maintain Your Salesforce Organization
          Manage Expired Certificates


          When you’re notified that a certificate authority (CA) or self-signed certificate is expiring, or when your org no longer needs a certificate, manage certificate deletion appropriately.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience
          Available in: all editions
          User Permissions Needed
          To create, edit, and manage certificates: Customize Application

          Disposing of expiring certificates correctly helps prevent service disruptions due to inadequate security coverage. Before you delete a certificate, make sure that it isn’t used for any integrations or for single sign-on.

          To comply with new CA/Browser Forum recommendations, certificate shelf life is being reduced. See Certificates in Salesforce to learn more.

          Important: If the expiring certificate is the identity provider, single sign-on (SSO) doesn’t work after you delete it, and users must log in using their org credentials. To keep it easy for users to log in, reassign the identity provider to another certificate.
          1. From Setup, in the Quick Find box, enter Certificate, and then select Certificate and Key Management.
          2. Each certificate is listed with its expiration date. To find the full certificate record, click the Edit link.
          3. On the certificate info page, the Delete button is unavailable if an identity provider is using it. To confirm its availability, hover over the Delete option to display the identity provider status message.
          4. Write down the value for the expiring certificate’s Label.
          5. In the Quick Find box, enter Identity, and then select Identity Provider.
          6. Verify that the label you wrote down is identical to the label in the Currently chosen certificate details section.
          7. Verify that no records are listed under the Service Providers section of the page. If there’s a service provider listed, upload a new certificate to replace the expiring one.
          8. With no service providers listed, click the Disable button at the top of the page.
          9. Return to the Certificate and Key Management page.
          10. The expired certificate has been released. To delete it, click the Del link on the Certificate and Key Management page. Or, click the Edit link to navigate to the full certificate record, and then click Delete.

          If necessary, upload or create another CA or self-signed certificate to replace the one that you deleted.

           