+ Start a Discussion

Private key for SFDC Security Certificate

We have generated a self-signed certificate from SFDC and provided to our client network team which we are expecting them to install at their application to authorize us accessing their application. Network team rejected the certificate with the reason as the certificate has no information on private key.

Based on my research was able to figure out private key should be known by the owner of the certificate which is used by the server to validate against the public key and confirm the identity of the source.

Could someone please guide on how we can get the private key from SFDC as I dont see any interface for the same?


I presume you are looking for the two way secure comminication betweek SalesForce and on-premise application using web-services.  SalesForce would not give out private keys being a cloud based platform it would not work.  Moreover salesforce uses SSL communicating with the external systems.  That means it is inherently secure. 




Jeff J.ax1731Jeff J.ax1731

In my case, I'm attempting to secure an outbound message service from Salesforce to my site and I can't use the Salesforce supplied certificate in IIS7 because it has no private key. You can't import a certificate into IIS7 without the private key. Not sure how Salesforce does not support the most used web server out there but apparently they don't!

Jeff J.ax1731Jeff J.ax1731

BTW, how do you figure it's inherently secure? It's just using port 80. There is nothing secure about it! It's up to you to setup your web service on a secure port.


I also am having the exact same problem Jeff J.ax1731 is having. The Outbounds Messaging feature of salesforce is a solution to a problem we're having and we really need this to work with IIS. I've probably tried everything Jeff has, I've even tried using certutil to make private key from this article:


certutil fails and I still can't use the certificate in IIS. Where can we go to get an answer to this thread?!

Betsy SBetsy S
Could someone guide me how to work with CA signed certificate for mutual authentification to perform http callout.I am confused with private key