SP certificate expiration

Andrew Morgan morgan at orst.edu
Tue Apr 26 18:18:42 EDT 2016

I'm testing SAML integration between Salesforce and our IDP v3.2. 
Salesforce's metadata contains a CA-signed certificate that expires in 
2017.  It sounds like I can generate a self-signed certificate in 
Salesforce and configure Salesforce to sign SAML requests with it. 
However, the self-signed certificates in Salesforce are only valid for 1 

Some Googling around indicates that the IDP doesn't care if the 
certificate expires.  Can anyone confirm that?

Can I enable assertion encryption using this self-signed certificate that 
will expire in 1 year?

What have other people done for Salesforce?


More information about the users mailing list