SP certificate expiration

Mark K. Miller max at psu.edu
Wed Apr 27 10:59:54 EDT 2016

As I 'understand' it, there's no restriction that requires you to use a 
SalesForce self-signed cert.  I believe you can just create your own 
self-signed cert and upload the cert/key pair to use in your config.  For 
more details, I'd start here:


Hope that helps,


On Tue, 26 Apr 2016, Andrew Morgan wrote:

> I'm testing SAML integration between Salesforce and our IDP v3.2. 
> Salesforce's metadata contains a CA-signed certificate that expires in 2017. 
> It sounds like I can generate a self-signed certificate in Salesforce and 
> configure Salesforce to sign SAML requests with it. However, the self-signed 
> certificates in Salesforce are only valid for 1 year.
> Some Googling around indicates that the IDP doesn't care if the certificate 
> expires.  Can anyone confirm that?
> Can I enable assertion encryption using this self-signed certificate that 
> will expire in 1 year?
> What have other people done for Salesforce?
> Thanks,
> 	Andy

More information about the users mailing list