Background
I generated a CSR from Salesforce setup and have received back the PositiveSSL Certificate from sectigo.com.
But when I try and upload the certificate into Salesforce, I get this error:
Error: The certificate that you are uploading doesn't match the generated certificate signing request.
Included with the SSL certificate were these additional files:
- Root CA Certificate – AddTrustExternalCARoot.crt
- Intermediate CA Certificate – USERTrustRSAAddTrustCA.crt
- Intermediate CA Certificate – SectigoRSADomainValidationSecureServerCA.crt
- Your PositiveSSL Certificate – mycert.crt
I tried combining a couple of the certificates:
cat mycert.crt AddTrustExternalCARoot.crt > combined.pem
or
cat mycert.crt SectigoRSADomainValidationSecureServerCA.crt > combined.pem
and uploading the combined.pem
but I got the same error.
Questions
- Why won't Salesforce accept the SSL certificate?
- What do I need to do to get Salesforce to accept the cert?
NOTE: I've raised a support ticket and it got immediately got closed because the org does not have developer support.
Best Answer
In a certificate chain, you have to include all certificates starting from the domain and up towards the root. This should work:
cat mycert.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAddTrustCA.crt > combined.pem
The position of the certs in the chain is based on Sectigo docs: