Duo Access Gateway Certificate for SalesForce renewal

DonnaRoehrig · ‎06-05-2019

I am needing to update the certificate that goes into SalesForce for SSO and I just want to make sure that if I click Recreate Certificate this is what will give me the new certificate to upload to Salesforce.

jamieis · ‎06-05-2019

Hey there @DonnaRoehrig,

The Duo Access Gateway certificates are good for 10 years. Why are you looking at updating the certificate?

Click Recreate Certificate will generate a new certificate and internal key for the Duo Access Gateway as a whole. This means you’d need to update the certificate for all of your service providers that are protected with the Duo Access Gateway or authentication will be broken.

DonnaRoehrig · ‎06-05-2019

Well we got an email today that the certificate for SSO is about to expire. But I am with you, I see that it says its good till 7/31/2028. So this is what I need to update.

jamieis · ‎06-05-2019

Hey @DonnaRoehrig,

That is the “Request Signing Certificate” that SalesForce itself has if you were doing signed authentication requests which does not happen with the Duo Access Gateway so it should not be an issue.

Looking at https://help.salesforce.com/apex/HTViewHelpDoc?id=security_keys_about.htm it looks like you could generate a new certificate but it shouldn’t matter for working with the Duo Access Gateway.

DonnaRoehrig · ‎06-05-2019

So this is a Salesforce thing and not a Duo thing. I figured so when I went to the Salesforce application and it said it expired well now in 9 years.