/
T4S Server Self-Signed Certificate Installation

T4S Server Self-Signed Certificate Installation

Owned by William Boyd
Last updated: Jan 07, 2025
4 min read

Each Salesforce Sandbox or Prod Org that connects to the T4S Server must have a valid self-signed Certificate, and this certificate must be installed onto the T4S Server so that the T4S - IIS Server can validate and authenticate the callout from Salesforce and create the two-way-SSL connection between Salesforce Org and the T4S Server App.

NOTE: When a new Sandbox is created, it may contain duplicates of the Production Org certificates.

These certificates cannot be used by the new Sandbox. so new certificates will need to be created.

Salesforce and T4S will not be able to connect until all three steps listed below have been completed.

  1. Create the self-signed Salesforce certificate.

  2. Update the Salesforce T4S Setting record with the name of the new certificate.

  3. Import the new certificate into the T4S Server certificate store on the T4S Server.

Create the self-signed Certificate.

Within the Salesforce Sandbox or Prod Org navigate to Admin Setup → Certificates → Create Self-Signed Certificate.

image-20250107-230315.png

Create the certificate by first selecting the “Key Size“ for the certificate.
i.e. 2048 bit key for one year and 4096 bit key for two years.
And then enter a name that can help identify the Salesforce Sandbox or Prod Org and year.
This will help distinguish the certificate from the many different imported corticates on already installed on the T4S Server,
e.g. Sandbox_XYZ_20250108_20270108

Update T4S Setting Record

Within the Salesforce Org where the new certificate has been created, search for the T4S “Trim“ tab. and the Trim Settings record.

image-20250107-230505.png

Edit the current T4S Setting record, replacing the name of the previous Salesforce certificate with the exact name of the new self-signed certificate.

 

Import new Certificate onto the T4S Server.

Download the new self-signed certificate from Salesforce.

For the import of the certificate onto one of the T4S Servers you will need a network system admin that has remote desktop access to the UAT T4S Server or the Prod T4S Server.

NOTE: ONLY Production Org self-signed certificates should be imported into the Prod T4S Server and only Sandbox self-signed certificates should be imported into the UAT T4S Server

Copy the self-signed certificate to a folder on the T4S Server.

  • From the Windows start menu search bar, type “run” to bring up the Windows default Run app.

  • Type “mmc“ and hit enter to start the Windows MMC app

  • From the console MMC app, select File menu → Add Remove Snap-in

  • Add Corticates snap-in, and select “Computer Account” → “next” → then “Local Computer“ → Save

  • Expand and right-click on the “Trusted Root Certification Authority”

  • Import the Salesforce self-signed certificate.

 

Test T4S Connection

Within Salesforce on the Trim Setting record, select “Login Credentials” from the far right drop down list.

 

If you see a red “Error“ banner, this is only to let you know that the T4S Custom Settings has disabled new credentials from being entered or modified, and will not stop you from testing the connection if the T4S Content Manager Integration user credentials are already present.

If you need to enter or modify the T4S Content Manager Integration user credentials, navigate to Set-Up → Custom Code → Custom Settings → “Manage“ T4S Custom Settings → Default → Edit.
Then tick “Enable User Credentials“ to allow new or modified credentials to be saved.

On the “Login Credentials” page click the “Test Credentials“ button.
If the T4S Content Manager Integration user credentials are correct, and the self-signed certificate is set up correctly, then you will receive a success message.