function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

SAML - do certificates need to be from a trusted authority???

I'm running into an error when trying to authenticate to salesforce using SAML (my localhost app is the identity provider, salesforce is the Service Provider). In the SAML validator tool I get:

Signature or certificate problems       

The signature in the response is not valid       


The certificate I'm using is one that I just created locally using IIS - it validates fine if I use the SignedXML class in .Net, but Salesforce is having issues with it. Does the certificate have to be signed by a trusted authority to use with Salesforce? If not then has anyone got any ideas what I can try?



Scott T.Scott T.

It doesn't need to be publicly trusted.  It could be self-signed or issued by a private CA.


Verify that the certificate you used in your IdP to sign your assertions is the same as the one specified in your Single Sign-On settings within Salesforce (under "Identity Provider Certificate"):