Salesforce Identity Provider (IdP): Certificates
I have configured SSO using Salesforce as an Identity Provider and an external software system acting as a Service Provider. In order to ensure the identity of the external SP, a CA-signed certificate was generated, signed by a CA, and uploaded to Salesforce. For the Salesforce Identity Provider, a CA-signed certificate was generated on Salesforce.com, a CSR exported, signed by a CA, and re-imported back into Salesforce. However, when attempting to assign this CA-signed certificate for use with the Salesforce Identity Provider, it is not available to be used. Further research into the documentation uncovered that CA-signed certificates cannot be used for the Salesforce Identity Provider.
I am perplexed as to why Salesforce does not allow CA-signed certificates to be used for the Identity Provider, permitting only self-signed certificates to be used. This forces any external integrating application acting as an SP to expose a hole in its security to permit self-signed certificates.
Is there reasoning I am not seeing as to why this is still secure? Can an exception be made to use the uploaded CA-signed certificate for the Salesforce IdP? If not, is the ability to use CA-signed certificates planned as a future enhancement?
Thanks in advance!
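The question above is whether an SP that accepts a self-signed IdP certificate is "punching a hole" in its security. The point worth making explicit is that a SAML SP does not trust the IdP signing certificate through a CA chain at all: it pins the exact certificate it obtained out of band from the IdP metadata and checks assertion signatures against that key, so a CA signature on that certificate does not enter the trust decision. The following is an added example, not code from the original post or from Salesforce; it is written in POSIX shell with the openssl CLI, and the file names, the certificate subject and the "assertion" contents are constructed stand-ins. A real SAML assertion is signed with XML-DSig; here a raw RSA-SHA256 signature over a file plays that role so the pinning logic stays visible.

```shell
#!/bin/sh
# Added example: an SP that trusts the IdP's SAML signing certificate by
# pinning its SHA-256 fingerprint, not by validating a CA chain.
# Assumes the openssl CLI is installed. All names below are made up.

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for a SAML assertion (real ones are XML-DSig signed).
printf '<saml:Assertion ID="_abc">nameid=alice@example.com</saml:Assertion>' \
  > "$WORK/assertion.xml"

# make_idp_cert <name>: self-signed key + cert, as Salesforce issues for its IdP.
make_idp_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=salesforce-idp.example" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# cert_fingerprint <cert.pem>: SHA-256 over the DER encoding, colons stripped.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2 | tr -d ':'
}

# idp_sign <name> <data-file> <sig-out>: IdP signs the assertion with its key.
idp_sign() {
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$3" "$2"
}

# sp_verify <pinned-fp> <presented-cert> <data-file> <sig-file>
# Prints "accept" and returns 0 only if the presented certificate is the one
# pinned from IdP metadata AND the signature verifies under its public key.
# Whether the certificate is self-signed or CA-signed is never consulted.
sp_verify() {
  pinned="$1"; cert="$2"; data="$3"; sig="$4"
  if [ "$(cert_fingerprint "$cert" 2>/dev/null)" != "$pinned" ]; then
    echo "reject: certificate not pinned"; return 1
  fi
  openssl x509 -in "$cert" -pubkey -noout > "$WORK/pinned-pub.pem"
  if ! openssl dgst -sha256 -verify "$WORK/pinned-pub.pem" \
        -signature "$sig" "$data" >/dev/null 2>&1; then
    echo "reject: bad signature"; return 1
  fi
  echo "accept"
}

# --- Demo -------------------------------------------------------------------
make_idp_cert idp      # the real IdP certificate, exported in its metadata
make_idp_cert rogue    # same subject, different key: also self-signed

# What the SP stores at configuration time, taken from the IdP metadata.
PINNED="$(cert_fingerprint "$WORK/idp.crt")"

idp_sign idp   "$WORK/assertion.xml" "$WORK/good.sig"
idp_sign rogue "$WORK/assertion.xml" "$WORK/rogue.sig"

# Genuine IdP cert and signature: accepted.
sp_verify "$PINNED" "$WORK/idp.crt"   "$WORK/assertion.xml" "$WORK/good.sig"  || true
# Rogue cert with the same CN: rejected at the pin check, before any crypto.
sp_verify "$PINNED" "$WORK/rogue.crt" "$WORK/assertion.xml" "$WORK/rogue.sig" || true
# Pinned cert but a signature made with the wrong key: rejected.
sp_verify "$PINNED" "$WORK/idp.crt"   "$WORK/assertion.xml" "$WORK/rogue.sig" || true
```

The rogue certificate carries the same subject name as the real one and is equally "valid" as a self-signed certificate, which is the scenario the question worries about; it is refused because the SP compares the presented certificate to the one it pinned, not because of anything a CA did or did not sign. The practical check on the SP side is therefore that it loads the IdP certificate from Salesforce's metadata explicitly rather than accepting any certificate that chains to a trusted root.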
There is a list of Salesforce-accredited CAs; if you use a certificate signed by one of these, you don't need to upload the client cert to SF.
We were once able to set up 2-way SSL with IBM DataPower using a CA-signed cert and SF using a self-signed cert. It is in fact one step less.
:)
Ceasar