Salesforce Certificate and Key Pair
A Salesforce Certificate and Key Pair is a cryptographic credential managed in Salesforce Setup under Certificate and Key Management, used to authenticate API integrations, sign SAML assertions for single sign-on, and establish secure TLS/SSL connections with external systems.
Definition
A Salesforce Certificate and Key Pair is a cryptographic credential managed in Salesforce Setup under Certificate and Key Management, used to authenticate API integrations, sign SAML assertions for single sign-on, and establish secure TLS/SSL connections with external systems. Salesforce generates the certificate and private key pair, and administrators can export the certificate to share with external service providers.
In plain English
“A Salesforce Certificate and Key Pair is a cryptographic credential managed in Setup for authenticating API integrations, signing SAML assertions for SSO, and establishing secure connections with external systems. Salesforce generates the certificate and private key, and admins export the certificate to share with external services.”
Worked example
Greenmoor Software needs to enable Single Sign-On from its Salesforce org out to a partner's Service Provider. The admin creates a Salesforce Certificate and Key Pair in Setup → Certificate and Key Management → New Self-Signed Certificate. Salesforce generates the certificate and private key; the admin downloads only the certificate and shares it with the partner. When users authenticate, Salesforce signs the SAML assertion with the private key, which is never exported, and the partner verifies the signature with the certificate. The same Certificate and Key Pair can sign other SSO integrations or authenticate API calls. It is the cryptographic identity Salesforce uses to prove who it is to external systems.
Why Salesforce Certificate and Key Pair matters
Certificates are foundational to secure integration and authentication in Salesforce. JWT Bearer Flow uses certificates for server-to-server authentication. SAML SSO uses them for signing assertions. Callouts to external APIs use them for mutual TLS. Mature orgs manage certificates with discipline: tracking expiration dates, maintaining renewal schedules, and documenting which integrations use which certificates.
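The sign-with-private-key, verify-with-certificate split from the worked example, together with the expiration tracking described above, as an added example (not from the original page or from Salesforce). A locally generated self-signed certificate stands in for the one Salesforce creates; the CN, file names and sample assertion are constructed, and the signature covers raw bytes rather than a full SAML XML Signature.

```shell
#!/usr/bin/env bash
# Constructed demo: in a real org the private key never leaves Salesforce;
# here both sides run locally so the split between key and cert is visible.
set -eu
WORK="$(mktemp -d)"

# "Salesforce side": key pair plus self-signed certificate (hypothetical CN).
make_keypair() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=example-idp-signing" \
    -keyout "$WORK/private.key" -out "$WORK/exported.crt" 2>/dev/null
}

# "Salesforce side": sign a file with the private key.
sign_msg() {  # $1 = file to sign, $2 = signature output
  openssl dgst -sha256 -sign "$WORK/private.key" -out "$2" "$1"
}

# "Partner side": verify using only the exported certificate.
verify_msg() {  # $1 = file, $2 = signature
  openssl x509 -in "$WORK/exported.crt" -pubkey -noout > "$WORK/pub.pem"
  openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$2" "$1" >/dev/null 2>&1
}

# Renewal tracking: succeeds only if the cert is still valid $1 days from now.
valid_for_days() {
  openssl x509 -in "$WORK/exported.crt" -noout -checkend "$(( $1 * 86400 ))" >/dev/null
}

make_keypair
printf '<Assertion>user@example.com</Assertion>' > "$WORK/assertion.xml"  # constructed
sign_msg "$WORK/assertion.xml" "$WORK/assertion.sig"

verify_msg "$WORK/assertion.xml" "$WORK/assertion.sig" && echo "signature valid"
printf 'tampered' >> "$WORK/assertion.xml"
verify_msg "$WORK/assertion.xml" "$WORK/assertion.sig" || echo "tampered assertion rejected"
valid_for_days 30  && echo "ok: still valid 30 days from now"
valid_for_days 400 || echo "renew: expires within 400 days"
```

The `valid_for_days` check works unchanged on a certificate file downloaded from Certificate and Key Management, which makes it usable in a scheduled renewal reminder.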
How organizations use Salesforce Certificate and Key Pair
Manages Salesforce certificates with tracked expiration dates and renewal schedules.
Uses certificates for JWT Bearer Flow authentication in their server-to-server integrations.
Documents which integrations use which certificates to prevent expiration-related outages.
About the Author
Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals.
Test your knowledge
Q1. What is a Salesforce Certificate and Key Pair?
Q2. What scenarios use certificates?
Q3. What's a critical management task?