How to update a certificate

An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.

At AIA, certificates are handled through DigiCert. To use a certificate on SF we need to import it in JKS format. DigiCert does not support export in this format by default, so we need to get the files in PKCS #12 format.

When we get one of these files, we should receive:

  1. The file

  2. A phrase

  3. An alias

After we have all this information, we need to log in to Production → Setup → Security → Certificate and Key Management (or click here).

On this screen, we need to create a self-signed certificate to use for the internal communities URLs. To do this, click on the button Create Self-Signed Certificate.

The label should be AIA <Target> <Year> - SF Domain. Let the unique name autogenerate, set the key size to 2048, and make sure Exportable Private Key is checked.

e.g. AIA All Communities Certs - 2021 - SF Domain

Now we need to download the certificate that we just created. To do this, click on Download Certificate.

Now that we have the AIA Domain certs and the AIA SF Domain certs, we need to merge them. To do this, we need to download a tool, KeyStore Explorer.

Now we need to open the KeyStore app →

Click on Open an existing Key Store →

Select the JKS file that was shared from DigiCert and click Open →

You will be asked for the password of the keystore, which is the phrase that was shared along with the file:

The file should have the following structure:

Now we need to double-check that the file is in the correct format. To do this, right-click on any empty section of the grid → Change KeyStore Type → JKS

Now that we are sure that the file is in JKS format, we need to add the self-signed certificate that we created. To do this, right-click on any empty section of the grid → Import Trusted Certificate →

Select the self-signed certificate →

And click on Import →

Set the Alias to AIA SF Domain and click on OK →

The file structure should match the previous screenshot and we need to click on Save.

Now we have a file in JKS format that has a certificate for the *.aia.org domains and the SF domains.
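A scripted version of the format and structure check above, added here as an example (it is not part of the original procedure): it confirms that the saved file is really JKS, that the keystore password opens it, and lists each alias with its entry type. The alias `aia wildcard` and the dummy key and certificate bytes in `build_sample` are constructed; JKS stores aliases lower-cased, so `AIA SF Domain` is listed as `aia sf domain`.

```python
import hashlib
import struct

def _digest(password, body):
    # JKS integrity trailer: SHA-1(password as UTF-16BE + "Mighty Aphrodite" + body)
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def list_jks_entries(data, password):
    """Return [(alias, kind)]; raise ValueError unless data is a JKS that opens with password."""
    if data[:4] != b"\xfe\xed\xfe\xed":
        raise ValueError("not JKS (a PKCS #12 file starts with byte 0x30)")
    body = data[:-20]
    if _digest(password, body) != data[-20:]:
        raise ValueError("wrong keystore password or corrupted file")
    version, count = struct.unpack(">II", body[4:12])
    pos, entries = 12, []

    def field(fmt, prefixed=True):  # read an integer; if prefixed, it is a length and bytes follow
        nonlocal pos
        (n,) = struct.unpack_from(fmt, body, pos)
        pos += struct.calcsize(fmt)
        if not prefixed:
            return n
        pos += n
        return body[pos - n:pos]

    def skip_cert():
        if version == 2:
            field(">H")  # certificate type string, e.g. "X.509"
        field(">I")      # DER-encoded certificate
    for _ in range(count):
        tag = field(">I", prefixed=False)    # 1 = private key entry, 2 = trusted certificate
        alias = field(">H").decode("utf-8")  # JKS stores aliases lower-cased
        field(">Q", prefixed=False)          # creation timestamp
        if tag == 1:
            field(">I")                      # encrypted private key
            for _ in range(field(">I", prefixed=False)):
                skip_cert()                  # certificate chain
        else:
            skip_cert()
        entries.append((alias, "private-key" if tag == 1 else "trusted-cert"))
    return entries

def build_sample(password):
    """Constructed sample keystore with dummy key/cert bytes (not real key material)."""
    utf = lambda s: struct.pack(">H", len(s)) + s.encode()
    cert = utf("X.509") + struct.pack(">I", 4) + b"CERT"
    key = struct.pack(">I", 1) + utf("aia wildcard") + bytes(8) + struct.pack(">I3sI", 3, b"KEY", 1) + cert
    trusted = struct.pack(">I", 2) + utf("aia sf domain") + bytes(8) + cert
    body = struct.pack(">III", 0xFEEDFEED, 2, 2) + key + trusted
    return body + _digest(password, body)
```

To check the real file, pass `open(path, "rb").read()` and the shared phrase to `list_jks_entries`; a `ValueError` means the file is not JKS or the phrase does not open it.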

We need to go back to SF and open the certificate page: log in to Production → Setup → Security → Certificate and Key Management (or click here).

Click on the button Import from Keystore

Choose the JKS file that we edited, use as the Keystore password the same one that was used to open the file in the KeyStore Explorer app, and click on Save → After importing the file, change the label to AIA <Target> <Year> - Global

Now we need to set the new certs on the domains. To do this, go to Setup → Site and Domains → Domains (or click here).

On every domain that was using the old certificate click Edit →

On HTTPS Option → Salesforce serves the domain over HTTPS, on Salesforce's servers, using your HTTPS certificate → Click on the and search the new cert → Click Save

This will start the provisioning of the domain with the new cert, and we are going to activate it after a couple of seconds. Repeat this for every domain that has an expired certificate.