This section explains how to create a Salesforce certificate with the proper configuration settings to enable Bring Your Own Key (BYOK) integration. After creating and downloading the certificate, the public key is extracted and uploaded to the Vectera Plus HSM.

Create and download Salesforce certificate

1. Go to the Setup page on Salesforce.
   - For Salesforce Developer edition, click on the gear icon at the top right of the page and under “Setup Menu”, select Setup.
2. Near the top left of the page, type into the “Quick Find” box: Certificate
   - Under “Security”, select Certificate and Key Management.
3. Under “Certificates”, click on the Create Self-Signed Certificate button.
4. In the “Certificates” page, enter a unique label such as BYOK_Test_Cert
   - Pressing the Tab key will auto-populate the “Unique Name” field.
   - If the “Exportable Private Key” checkbox is selected, deselect it.
   - For “Key Size”, select 4096.
   - Check the “Use Platform Encryption” checkbox.
   - Click on Save.
5. In the “Certificate and Key Detail” page, click on Download Certificate.

Extract the public key from Salesforce certificate

1. Open a terminal and change directory to where the downloaded Salesforce certificate is.
2. Run the following command to create a new pem file containing the public key information from the Salesforce certificate.

```shell
openssl x509 -in BYOK_Test_Cert.crt -pubkey -noout > salesforce_pub.pem
```
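As a check before the upload, the following added example (not part of the original page or of any vendor tooling) confirms that the extracted PEM file holds the same 4096-bit public key as the downloaded certificate and prints a SHA-256 fingerprint of it for your records. The function names `check_byok_pubkey` and `spki_sha256` are hypothetical, and the script assumes the certificate key is RSA.

```shell
#!/bin/sh
# Added example: confirm salesforce_pub.pem holds the 4096-bit RSA public key
# of the downloaded certificate before it is loaded into the HSM.
# check_byok_pubkey and spki_sha256 are hypothetical helper names.

# Print the SHA-256 of the DER SubjectPublicKeyInfo for a PEM public key on stdin.
spki_sha256() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

check_byok_pubkey() {
    cert=$1
    pem=$2
    text=$(openssl x509 -in "$cert" -noout -text) || return 1

    # The procedure above selects Key Size 4096; an RSA key is assumed here.
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' || {
        echo "certificate key is not RSA" >&2; return 1; }
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "$bits" = "4096" ] || {
        echo "unexpected key size: ${bits:-unknown}" >&2; return 1; }

    # Compare the key embedded in the certificate with the extracted PEM file.
    # An unreadable PEM hashes as empty input, so it fails the comparison too.
    fp_cert=$(openssl x509 -in "$cert" -pubkey -noout | spki_sha256)
    fp_pem=$(spki_sha256 < "$pem")
    [ -n "$fp_cert" ] && [ "$fp_cert" = "$fp_pem" ] || {
        echo "public key in $pem does not match $cert" >&2; return 1; }

    # Fingerprint to record alongside the key slot number.
    echo "$fp_cert"
}

# Usage: check_byok_pubkey BYOK_Test_Cert.crt salesforce_pub.pem
```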

Upload Salesforce public key to the Vectera Plus

1. Open the Excrypt Manager and log in as the identity that was created for this integration.
2. On the left-hand side, select Key Management, and under “Certificates and Requests”, select Generate next to “Generate Trusted Public Key:”
3. For “Major key to be used:”, select PMK
   - For “Key Usage:”, select Asymmetric Wrap
   - Select the circle button next to “Generate from Public Key or Certificate:” and select Browse...
   - Select the salesforce_pub.pem file that was generated from the previous step.
   - Click Next >
4. Select the circle button next to “Save to disk:” and select Browse...
   - Click on the preferred destination folder.
   - Type in a name for the file next to “File name:” such as trusted_pub_key.exc

   Note: When entering the filename, please ensure that .exc is in the filename. It may have to be manually typed in.
5. Under “Key Table”, click on Edit Key Storage
   - Go to a slot that is available to the identity.
   - Near the bottom right, click on Insert Key
   - Select Asymmetric Key Loading Wizard
   - Select OK
   - Select the PMK major key.
   - Select the circle button next to “Load from file:” and click on Browse...
   - Go to where the .exc file was saved, select trusted_pub_key.exc, and select Open
   - Select Next >, Next > again, and Finish
6. Take note of the slot number that the Salesforce public key is saved to, as it will be needed later.
   - If preferred, a key label can be given to the key.