Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Update the Proxy Certificate

When your proxy certificate expires, you can update the certificate and import the new certificate into Salesforce. You also receive a notification through email when your proxy certificate is expired or about to expire. For details, see Reverse Proxy Certificate Expiration Notification.

To update your proxy certificate:

  1. Click Renew Certificate from your Salesforce Managed Service. 
    clipboard_e2a34d825aba7455bfc32f1608f6fa403.png
  2. A dialog box warning you to update SSO configurations appears. Click Renew. A confirmation appears, informing you that the certificate is created and updated shortly.
    clipboard_ef3bcab91b8a34da4ee0709ab91e9a03b.png
  3. Log in to your managed service (without SSO) and make sure you can access Salesforce via proxy to confirm that the certificate has been pushed.
  4. In your tenant, go to the Managed Service and select the SAML Certificates link. Then click Download SAML Certificate.
    clipboard_e44fa74ea2e4d2e3b90fda8c33747a748.png
  5. After downloading the certificate, log into Salesforce and go to Setup > Security Controls > Single Sign-on Settings. Edit the settings for SSO config, and upload the certificate you downloaded from the proxy to the Identity Provider Certificate setting.
  6. Save your changes.

Test using the procedures outlined below.

To test the new proxy certificate:

  1. Log in and open the Okta Homepage. You should see your Salesforce application. If not, you need to go back to admin and assign the application to your user account.
  2. After pressing the Salesforce button, you should be directed via the reverse proxy to your Salesforce sandbox.
  • Was this article helpful?