Duo Access Gateway Certificate for SalesForce renewal

I am needing to update the certificate that goes into SalesForce for SSO and I just want to make sure that if I click Recreate Certificate this is what will give me the new certificate to upload to Salesforce.

Hey there @DonnaRoehrig,

The Duo Access Gateway certificates are good for 10 years. Why are you looking at updating the certificate?

Click Recreate Certificate will generate a new certificate and internal key for the Duo Access Gateway as a whole. This means you’d need to update the certificate for all of your service providers that are protected with the Duo Access Gateway or authentication will be broken.

Well we got an email today that the certificate for SSO is about to expire. But I am with you, I see that it says its good till 7/31/2028. So this is what I need to update.


Hey @DonnaRoehrig,

That is the “Request Signing Certificate” that SalesForce itself has if you were doing signed authentication requests which does not happen with the Duo Access Gateway so it should not be an issue.

Looking at https://help.salesforce.com/apex/HTViewHelpDoc?id=security_keys_about.htm it looks like you could generate a new certificate but it shouldn’t matter for working with the Duo Access Gateway.

So this is a Salesforce thing and not a Duo thing. I figured so when I went to the Salesforce application and it said it expired well now in 9 years.