Michael Dente

Certificate and Key Management - Support told me to post here

Certificate and Key Management - Must I replace the Identity Provider self-signed cert that is going to expire, or can it be removed because it was automatically put in place about a year ago? Also, we are not getting email triggers and we have changed nothing. Can this be related?
Swetha (Salesforce Developers)
Hi Michael,
If you are using this self-signed certificate, logs would be generated in the "Identity Provider Event Log" of the Setup menu. Please check for usage here.

How to identify if the Identity Provider could have any additional usage apart from the Identity Provider logs?
>> Check to see if there are Connected Apps associated with and using SAML SSO. In order to complete the IdP setup, you need to configure at least one Connected App (which involves providing the Login URL & Entity ID from the SP). If you don't have any, you can be sure that the org is not using the IdP.
Swetha (Salesforce Developers)
If any certificate was to expire in the upcoming days/months, Salesforce has an inbuilt functionality that sends certificate expiry notifications at the 60-day mark, 30-day mark, 10-day mark and day of expiry.

You should be able to see the delete option for the expired certificates in your org. Usually, the Delete button will be grayed out if the certificate is in use somewhere. You'll have to remove its usage before you are able to see the Delete button.

Similar post from past: https://salesforce.stackexchange.com/questions/296945/do-i-need-to-renew-the-default-selfsignedcert-that-i-never-created

Recommended checks to identify if the expiring certificate is being used:
> Single Sign-On settings
> Identity Provider Settings
> Connected apps
> Web service callouts - You need to find out if you are using this certificate within your integration as a client certificate; if yes, then you need to share an updated certificate with your server (3rd-party integration) team. Your integration team (or developers) would know more details on this.
> In the Certificate and Key Management settings, check if the certificate is listed under "API client certificate". If yes, it is being used in your code somewhere.

Also, in order to adjust the email alert settings, follow the article below: https://help.salesforce.com/s/articleView?id=000336830&type=1

Creating a new self-signed certificate: https://help.salesforce.com/s/articleView?id=sf.security_keys_creating.htm&type=5


If this information helps, please mark the answer as best. Thank you
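
An added example, not part of the original answer and not Salesforce tooling: a way to check, independently of the e-mail alerts, which of the 60/30/10/day-of-expiry notice marks mentioned above a certificate has already reached. It assumes `openssl` is installed and that the certificate is a PEM file (for instance one saved with the "Download Cert" button); the function names and the sample certificate are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Salesforce tooling). Function names are hypothetical.

# Constructed sample input: a throwaway self-signed cert valid for $1 days.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
    -subj "/CN=constructed-idp-sample" \
    -keyout "$2.key" -out "$2" 2>/dev/null
}

# Print the notice marks (60, 30, 10, 0 days before expiry) that the
# certificate in PEM file $1 has already reached. Returns 2 if unreadable,
# so a parse failure is never mistaken for "about to expire".
passed_marks() {
  local cert=$1 out="" d
  openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
  for d in 60 30 10 0; do
    # -checkend N exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((d * 86400)) >/dev/null; then
      out="$out $d"
    fi
  done
  echo "${out# }"
}

# Demo on the constructed certificate (45 days of validity left).
demo_dir=$(mktemp -d)
make_sample_cert 45 "$demo_dir/idp.pem"
openssl x509 -in "$demo_dir/idp.pem" -noout -subject -enddate
echo "notice marks already reached: $(passed_marks "$demo_dir/idp.pem")"
rm -rf "$demo_dir"
```

An empty result means the certificate is more than 60 days from expiry, so no notice would be expected yet.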
Michael Dente
I checked and we are not... it states "No identity provider events found". What should my steps be from here? Also, I will check the other link about the email triggers now. Thank you, Michael
Michael Dente
Nothing populates under the Identity Provider log, so that must indicate we are not using it. What would my next step be? Under Identity Provider it states Edit, Disable, Download Cert, Download Metadata. On the same page under details it lists my company (issuer) https:......companyname.com
Swetha (Salesforce Developers)
Hi Michael,
As there are no logs in your "Identity Provider Event Log" section, it does not seem to have any usage.

It is safe to disable the Identity Provider. See similar post: https://salesforce.stackexchange.com/questions/107399/can-i-simply-disable-an-automatically-created-identity-provider

As a best practice, it is recommended to try in a lower sandbox environment to assess any impact before doing it in production.

If this information helps, please mark the answer as best. Thank you
Michael Dente
Thank you! You can close the case now.