Prepare for Upcoming Root Certificate Changes in Salesforce

David Legault

Salesforce Certificate Migration: February 5, 2026

1. Impact Summary

  • Riva Cloud/Insight Customers: No impact. All certificate management is handled automatically by Riva’s cloud infrastructure.

  • Riva On-Premise/Insight Customers: Action may be required. This change only affects you if the server hosting your Riva environment has an outdated "Trust Store." If your server doesn't trust the new DigiCert G2 root, it won't be able to establish a secure HTTPS connection to Salesforce, causing synchronization to stop.

2. Why is this happening?

Modern security standards require moving away from older "G1" certificates. Salesforce is transitioning to the DigiCert Global Root G2 to ensure continued compatibility with web browsers and operating systems. If you miss this deadline, your inbound API connections to Salesforce may fail with "Connection Not Secure" or "Handshake" errors.

3. Verification Steps for On-Premise Servers

The following modern operating systems typically include the DigiCert Global Root G2 by default through automatic updates. However, it is highly recommended to manually verify:

Supported OS (Usually Updated Automatically)

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

Manual Verification Methods

You can confirm the certificate exists using one of these methods:

  1. PowerShell
  2. Certificate Manager
  3. System Certificate

Method A: PowerShell (Fastest)

Run the following command to check if the G2 certificate is already in your store:

Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like "*DigiCert Global Root G2*" }

If the command returns a result showing the "Thumbprint" and "Subject," the G2 root is already in your store and you are protected.
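
A more thorough version of the Method A check, added here as an example (it is not part of the original article or of Riva's tooling): it confirms that each matching root is self-signed, inside its validity period, absent from the Disallowed store and trusted by Windows, and it can compare the thumbprint with the value DigiCert publishes. The parameter names, the placeholder thumbprint and the optional Salesforce host are assumptions; save it as a .ps1 file and run it on the Riva On-Premise server.

```powershell
param(
    # Assumption: SHA-1 thumbprint copied from DigiCert's official root list (placeholder, not a real value).
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-DIGICERT>',
    # Assumption: a Salesforce HTTPS host this server syncs with; leave empty to skip the live test.
    [string]$SalesforceHost = ''
)
$cn = 'CN=DigiCert Global Root G2'

# 1. Audit every matching root in the machine store, not just its presence.
$roots = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like "$cn,*" })
if ($roots.Count -eq 0) { Write-Warning "No '$cn' certificate in LocalMachine\Root" }
foreach ($c in $roots) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust decision only, no network lookups
    $match = 'not compared'
    if ($ExpectedThumbprint -notlike '<*') {
        # Strip spaces/colons from the pasted value; -eq is case-insensitive for strings.
        $match = $c.Thumbprint -eq ($ExpectedThumbprint -replace '[^0-9A-Fa-f]')
    }
    [pscustomobject]@{
        Thumbprint      = $c.Thumbprint
        NotAfter        = $c.NotAfter
        SelfSigned      = $c.Subject -eq $c.Issuer
        WithinValidity  = ((Get-Date) -ge $c.NotBefore) -and ((Get-Date) -le $c.NotAfter)
        Disallowed      = Test-Path "Cert:\LocalMachine\Disallowed\$($c.Thumbprint)"
        WindowsTrustsIt = $chain.Build($c)
        MatchesExpected = $match
    }
}

# 2. Optional live test: handshake with Salesforce and report the root the chain ends at.
if ($SalesforceHost) {
    $tcp = $null
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient($SalesforceHost, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        # Throws if the server's chain does not end at a root this machine trusts.
        $ssl.AuthenticateAsClient($SalesforceHost, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $live = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void]$live.Build($leaf)
        $root = $live.ChainElements[$live.ChainElements.Count - 1].Certificate
        "Handshake OK; chain root: $($root.Subject) [$($root.Thumbprint)]"
    } catch {
        Write-Warning "TLS handshake to $SalesforceHost failed: $($_.Exception.Message)"
    } finally {
        if ($tcp) { $tcp.Close() }
    }
}
```

A healthy server shows SelfSigned, WithinValidity and WindowsTrustsIt as True and Disallowed as False for the G2 root.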

Method B: Windows Certificate Manager (Visual)

  1. Open the Start Menu, search for certmgr.msc (or "Manage Computer Certificates").

  2. Navigate to Trusted Root Certification Authorities > Certificates.

  3. Look for DigiCert Global Root G2 in the list.

Method C: System Certificate

  1. Open System Certificates on the Riva On-Premise server.

  2. Navigate to Trusted Root Certificates.

  3. Locate and confirm the presence of DigiCert Global Root G2.


4. What if the certificate is missing?

If you do not see the certificate, you must manually download and install the DigiCert Global Root G2 from the official DigiCert website or apply the latest Windows Updates to your server.