Salesforce Self-Signed Certificate Expiring Notice

Salesforce by default dispatches an email 60 days, 30 days, and 10 days prior to the certificate's expiration date and will look similar to the message below.

You have one or more certificates in your Salesforce org Company Name Organization ID that will expire soon. Review the list below and visit Certificate and Key Management from Setup to make an update.

- SelfSignedCert_28May2019_231232, Self-Signed, expires on 5/28/2020. Warning: This certificate will expire in 30 day(s).


  1. Navigate to Salesforce and click Setup at the top of the page.
  2. In the Quick Find box, located on the left-hand side, type Certificate and click Certificate and Key Management.
  3. Click the Create Self Signed Certificate button and go through the steps for creating a new certificate.
  4. Once the certificate has been created type Single Sign-On Settings in the Quick Find/Search bar.
  5. Under the SAML Single Sign-On Settings section click Edit next to the Single Sign-On name and change the Request Signing Certificate to the newly created certificate from the drop-down menu. Click Save.
  6. After replacing the certificate in SAML Single Sign-On Settings, navigate back to the Certificate and Key Management page and verify the Delete button is present. If not, the old certificate is still being used in Salesforce. Replace the certificate here. Once replaced, the old certificate can be deleted, and you won't receive anymore warning emails.

If you are using ADFS, please continue with the instructions below. If you are not using AFDS the SSO certificate has been successfully updated and no further action is needed.

ADFS Users (after the above steps have been completed)

  1. Download the self-signed certificate and copy to ADFS server.
  2. In ADFS navigate to the Relying Party Trusts > Select Your Simpplr provider > Properties > Signature > Add new self-signed certificate.
  3. Remove the previous certificate.
  4. Verify.
  5. Navigate back to Salesforce and click Setup. Type Single Sign-On Settings into the Quick Find box and click the SSO name. Click Edit next to ADFS.
  6. Click the drop-down next to Request Signing Certificate and change it to the certificate you've just created. Click Save.


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Articles in this section