If your organization uses Salesforce, chances are, you received an email this morning from Salesforce informing you that they are making some changes to their HTTPS security certificates. If you’re unsure what this means, we’re here to help! Keep reading for a brief overview of the changes and what to do about them.
Salesforce is replacing its current HTTPS certificates with new certificates signed with a SHA-256 hash algorithm.
What is an HTTPS certificate?
An HTTPS certificate ensures that a website and the data within it are secure. Users know that a site is secured with an HTTPS certificate when they can see a green ‘https’ before each URL in the address bar of their browser. Often these characters are accompanied by a lock icon.
Why is Salesforce making these changes?
Salesforce is making these changes in alignment with security best practices and an industry-wide shift to use more complex algorithms for HTTPS certificates.
What should I do?
We recommend that you use the test page provided by Salesforce to quickly test whether or not your current browser will accept the changes when they roll out. Simply follow the link and a screen will appear letting you know whether or not your browser passed the test.
What if my browser fails the test?
Most browsers will pass the test. However, if yours does not, you will need to upgrade or else, following the implementation of these changes, you will no longer be able access Salesforce via your current browser. Salesforce has provided extensive documentation about what to do if you need to replace your browser or middleware. You can find that information here.
Does this mean Salesforce is NOT secure?
No! The HTTPS certificates that Salesforce is currently using are completely secure. It is simply an industry best practice to regularly increase the complexity of security encryption tools.
When will these changes take place?
Salesforce is asking users to prepare for this change before April 15 (sandboxes) and August 1 for all instances.
If you have any further questions about the HTTPS certificate change, Salesforce has put together a Knowledge Article. Additionally, we are glad to answer any questions you may have. Please feel free to contact us at any time for help with this change!