Create & download Salesforce certificate and upload public key to HSM
This section explains how to create a Salesforce certificate with the proper configuration settings to enable Bring Your Own Key (BYOK) integration. After creating and downloading the certificate, the public key is extracted and uploaded to the Vectera HSM.

Create and download Salesforce certificate

1. Go to the Setup page on Salesforce. For Salesforce Developer Edition, click on the gear icon at the top right of the page and under "Setup Menu", select Setup.
2. Near the top left of the page, type Certificate into the "Quick Find" box.
3. Under "Security", select Certificate and Key Management.
4. Under "Certificates", click on the Create Self-Signed Certificate button.
5. In the "Certificates" page, enter a unique label such as byok test cert. Pressing the Tab key will auto-populate the "Unique Name" field.
6. If the "Exportable Private Key" checkbox is selected, deselect it.
7. For "Key Size", select 4096.
8. Check the "Use Platform Encryption" checkbox.
9. Click on Save.
10. In the "Certificate and Key Detail" page, click on Download Certificate.

Extract the public key from Salesforce certificate

1. Open a terminal and change directory to where the downloaded Salesforce certificate is.
2. Run the following command to create a new PEM file containing the public key information from the Salesforce certificate:

    openssl x509 -in byok_test_cert.crt -pubkey -noout > salesforce_pub.pem

Upload Salesforce public key to the Vectera

1. Open the Excrypt Manager and log in as the identity that was created for this integration.
2. On the left-hand side, select Key Management, and under "Certificates and Requests", select Generate next to "Generate Trusted Public Key".
3. For "Major key to be used", select PMK.
4. For "Key usage", select Asymmetric wrap.
5. Select the circle button next to "Generate from public key or certificate" and select Browse.
6. Select the salesforce_pub.pem file that was generated from the previous step.
7. Click Next >.
8. Select the circle button next to "Save to disk" and select Browse.
9. Click on the preferred destination folder.
10. Type in a name for the file next to "File name", such as trusted_pub_key.exc.
    Note: When entering the filename, please ensure that .exc is in the filename. It may have to be manually typed in.
11. Under "Key Table", click on Edit Key Storage.
12. Go to a slot that is available to the identity.
13. Near the bottom right, click on Insert Key.
14. Select Asymmetric Key Loading Wizard.
15. Select OK.
16. Select the PMK major key.
17. Select the circle button next to "Load from file" and click on Browse.
18. Go to where the .exc file was saved, select trusted_pub_key.exc, and select Open.
19. Select Next >, Next > again, and Finish.
20. Take note of the slot number that the Salesforce public key is saved to, as it will be needed for later. If preferred, a key label can be given to the key.
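
A pre-upload check for the extraction step above, added here as an example and not taken from the vendor's documentation: it confirms that the PEM file holds the same key as the downloaded certificate (by comparing SHA-256 digests of the DER-encoded SubjectPublicKeyInfo) and that the key is 4096 bits. The function names are hypothetical, and make_constructed_cert builds a throwaway self-signed RSA certificate as a constructed stand-in for the Salesforce download.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.

# SHA-256 of the DER SubjectPublicKeyInfo for a PEM public key read from stdin.
spki_sha256() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Key size in bits of a PEM public key file.
pubkey_bits() {
    openssl pkey -pubin -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# verify_pubkey CERT PEM [BITS]
# Returns 0 only if PEM holds the certificate's public key and the key has
# the expected size (4096 by default, as selected on this page).
verify_pubkey() {
    cert=$1 pem=$2 want=${3:-4096}
    # Reject unparsable input first: two empty streams would hash identically.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "bad certificate: $cert" >&2; return 2; }
    openssl pkey -pubin -in "$pem" -noout 2>/dev/null || { echo "bad public key: $pem" >&2; return 2; }
    from_cert=$(openssl x509 -in "$cert" -pubkey -noout | spki_sha256)
    from_pem=$(spki_sha256 < "$pem")
    if [ "$from_cert" != "$from_pem" ]; then
        echo "MISMATCH: $pem is not the key in $cert" >&2; return 1
    fi
    bits=$(pubkey_bits "$pem")
    if [ "$bits" != "$want" ]; then
        echo "WRONG SIZE: $bits bits, expected $want" >&2; return 1
    fi
    echo "OK $bits-bit key, SPKI SHA-256 $from_pem"
}

# Constructed stand-in for the Salesforce download: a throwaway self-signed
# RSA certificate of the given key size. The private key is discarded.
make_constructed_cert() {
    openssl req -x509 -newkey "rsa:$2" -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=constructed-byok-test" -days 1 2>/dev/null &&
        rm -f "$1.key"
}
```

With the file names used on this page, the check is `verify_pubkey byok_test_cert.crt salesforce_pub.pem`; the printed digest can be recorded alongside the HSM slot number for later comparison.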