Renewing a Salesforce Certificate


Secure communication between Absorb LMS And Salesforce requires a valid certificate. When the certificate gets close to its end date, it must be renewed in Salesforce and updated in Absorb so that the Absorb Salesforce App can continue to function.  Salesforce system administrators should receive notifications from Salesforce when their certificates are near expiration. 

The below steps require access to both Salesforce and Absorb (with the System Administrator role in Absorb and permission to edit certificates and connected apps in Salesforce).

  1. Go to Setup > Security > Certificate and Key Management in Salesforce
  2. Check the 'Expiration Date' of the 'Absorb SSO' certificate. If the date is displayed in red, the certificate has expired and should be replaced immediately. If the certificate has not expired, you may choose to replace it now or later. If you wish to replace the certificate later, resume at step 3 when you are ready
  3. Select Edit on the 'Absorb SSO' certificate
  4. Give the certificate a new unique name, e.g. 'Absorb SSO Expired'
  5. Click Save
    1. NOTE - This will pause the sync process & ability to SSO into Absorb from Salesforce until a new certificate is configured

  6. On the Certificate and Key Management page, click Create Self-Signed Certificate
  7. Enter the name as 'Absorb SSO' and ensure the unique name is 'Absorb_SSO'
  8. Click Save

  9. Go to Setup > Apps > Manage Connected Apps in Salesforce
  10. Select Edit Policies on the 'Absorb SSO' Connected App

  11. Under IdP Certificate, select the new certificate 'Absorb SSO'
  12. Click Save

  13. Select the 'Absorb SSO' Connected App
  14. Under SAML Login Information, click Download Metadata. This will download an xml file containing the certificate information
  15. Login to your Absorb portal
  16. Within the Admin console in Absorb, click on the Account icon in the upper right > Portal Settings > Manage SSO Settings

  17. Select the relevant SSO configuration for the Absorb Salesforce app
  18. Open the certificate that was downloaded from Salesforce using a text editor program like TextEdit on macOS or Notepad on Windows
  19. You will see a long alphanumeric string starting after either 'BEGIN CERTIFICATE' or '<ds:X509Certificate>'. This is the certificate key. The file may also include a series of dash symbols at the start and end, these should not be copied into Absorb. Copy the remainder of the string and paste it into the Key field
  20. Save the SSO Settings


Published on
Have more questions? Submit a request


Please sign in to leave a comment.