If a get a notification saying- sfdc expiring certificate notification, then what does that mean?

166    Asked by Aalapprabhakaran in Salesforce , Asked on Sep 4, 2023

 I am receiving sfdc expiring certificate notification via email

In my org, only the list of certificates is empty, and I have no memory of creating such a certificate. Any explanation for this?


Answered by Danna sahi

In Salesforce, if you enable certain features, it creates a new self-signed certificate. The certificate eventually expires. You can learn more in this help documentation.

If necessary, the article proceeds to explain the way to deal with this. You might want to consider refreshing your Sandbox, as this suggests it is old.

You are checking a different org than the one mentioned in the automated email received. Therefore, the list of candidates in your org is empty, as mentioned by you.

The reason for you receiving the email was that, in the upcoming days/months, if any certificate were to expire, there is an inbuilt functionality by Salesforce that sends notifications of certificate expiry at a 60 days mark, 30 days mark, 10 days mark and the date of expiry.

In your org, you should be able to locate the delete option for the expired certificates. The delete option is usually grayed out when the certificate is used elsewhere. In order to see the delete option, you will have to remove its usage first.

Post similar to yours from the past: Do I need to renew the default SelfSignedCert that I never created?

The below-given checks are recommended to identify whether the expired certificate is being used:

Single Sign-On Settings: Single Sign-On Setting(from the setup menu) should be checked to see that you are not using the certificate over there.

Identity Provider Settings: In the “Identity Provider Event Log,” logs will be generated if you use this certificate.

Connected App: You need to open the connected app to see whether the certificate is provided as an IDP certificate.

Web Service Callout: Determine if you use this certificate as a client certificate within your Integration. If affirmative, you have to share this updated certificate with your Server(3rd party integration) team so they can give you the new certificate instead of the old one. To get more details, contact your Integration team(or Developers).

You must check if the certificate is listed as an “API client certificate” in the certificate and key management settings. If the answer is yes, it is being used somewhere in your code.

Your Answer


Parent Categories