function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
swestenzweigswestenzweig 

Creating Salesforce Self-Signed Certificates

Good afternoon. I am working on implementing an SSO solution with SF acting as the IdP. In doing so, I have generated a self-signed certificate (Setup->Security Controls->Certificate and Key Management) and downloaded the resultant cer file for import into an existing keystore. However, I am receiving an error when I import the cert into my keystore:

 

 keytool error: java.lang.Exception: Public keys in reply and keystore don't match
java.lang.Exception: Public keys in reply and keystore don't match
        at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2618)
        at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
        at sun.security.tools.KeyTool.run(KeyTool.java:172)
        at sun.security.tools.KeyTool.main(KeyTool.java:166)

 

I am thinking the alias used on Salesforce.com to generate the cert does not match the alias I am specifying in the keystore. I thought this was the unique name assigned when the self-signed certificate was created on SF, but it does not appear to be the case. Is there any way of telling the alias SF uses when the certificate is generated?

swestenzweigswestenzweig

Update:

 

It looks like SF does not use an alias when creating the certificate; I was successfully able to add the cert to the keystore without specifying an alias.

WilmerWilmer

Hi,

 

I'm trying to do the same in an apache server and got the same error message, would it be possible to you to share with us any link or manual to install succesfully the selfSigned certificate generated from Salesforce?

 

I would appreciate any help with this.

 

Regards,

 

Wilmer