InCountry logo
mobile-nav
Search
  • Products
    • Products
      • InCountry for Salesforce
      • Data Residency-as-a-Service
      • Alibaba Cloud InCountry Service
      • Compliance and security
    • Gateways
      • Email
      • Payment Vault
      • Web Forms
      • HTML
    • Developers
      • REST API
      • SDK
  • Solutions
    • Automotive
    • Energy
    • Financial services
    • Healthcare
    • Retail
    • Technology
    • Latest success story
      • IBM Consulting
  • Integrations
    • Cegid
    • Intertrust
    • MuleSoft
    • PayPal
    • Salesforce
    • ServiceNow
    • Stripe
    • Veeva Systems
    • Yandex
  • Resources
    • Country compliance
    • Documentation
    • Library
    • Partners
    • Pricing
  • About
    • News and Blog
    • Careers
    • Contact Us
    • FAQ
    • Leadership
  • Login
  • Schedule a Demo

›Administrator's guide

Home
  • InCountry Platform
Portal
  • Getting started
  • Documentation
    • Dashboard
    • Managing environments
    • Managing SDK credentials and services
    • Managing Border configuration
    • Managing payment vaults
    • Managing email gateways
    • Managing resident functions
    • Managing file imports
    • Managing profile and organization
    • Managing users
    • Managing encryption keys
  • Release notes
Border
  • Documentation
  • Release notes
REST API
  • Documentation
  • How to test CRUD requests through REST API
  • Release notes
Resident Functions
  • Documentation
Salesforce
  • About
  • Overview
  • Quick start guide for three-model package
  • Quick start guide for legacy package
  • Administrator's guide
    • Managing the package
    • Managing permissions
    • Managing OAuth2 authentication and authorization
    • Managing certificates
    • Registering CSP Trusted Sites
    • Managing InCountry Endpoints
    • Managing REST endpoints
    • Managing InCountry flags
    • Loading the application
    • Managing data regulation policies
    • Managing protected fields
    • Hashing the UserName field
    • Managing custom objects
    • Replacing standard elements
    • Configuring record search
    • Managing components
    • Setting up Salesforce Experience Cloud
    • Managing resident functions
    • Managing InCountry cache
    • Managing Apex triggers
    • Managing record synchronization
    • Managing web forms
    • Tracking changes to data regulation policies and regulated fields
    • Using Email-to-Case feature
    • Debugging
    • Migrating data from one Salesforce organization to another
  • Developer’s guide
    • Apex SDK
    • JavaScript API
    • Retrieving record statistics
    • Tracking field history
  • User's guide
    • Working with protected fields
    • Sending compliant email messages
    • Importing data into Salesforce
    • Migrating records
    • Managing audit reports
    • Converting leads
    • Managing reports
    • Using formula fields
    • Using frontend validations
    • FAQ
    • Release notes
Payment Vault
  • Documentation
BYOK
  • Documentation
FAQ
  • Get started with the platform
  • Integration options
  • Data regulation models
  • Limits and quotas
  • Video tutorials
Service Status
  • Status

Managing certificates

warning

This is a deprecated method for request authorization between the Salesforce and the InCountry platform that is preserved to maintain backward compatibility. Please use the OAuth request authorization instead.

note

These instructions are applicable to the three-model package supporting the restriction, redaction, and UI-based replication models.

You need to upload valid certificates into Salesforce, so the InCountry Data Residency for Salesforce package can perform data communication of regulated between Salesforce and the InCountry Platform.

Getting certificates from InCountry

  1. You need to Set up an account on the InCountry Portal.

  2. Create a new environment.

  3. Create a new Salesforce integration.

  4. Download certificates.

Generating Salesforce compatible certificates

warning

Under specific circumstances, the InCountry Portal may generate the certificate in the CER format instead of the CRT format. In the following instructions, you can find commands for both certificate formats.

note

Use Java version 8 only to generate a valid JKS certificate for the InCountry Data Residency for Salesforce package. When using other versions of Java, the generated certificate may be invalid.

Installing OpenJDK 1.8 on MacOS

  1. Add the casks tap to use the AdoptOpenJDK versions by running the following command: brew tap AdoptOpenJDK/openjdk

  2. Install OpenJDK version 8 by running the following command: brew install --cask adoptopenjdk8

OpenJDK is installed into the /Library/Java/JavaVirtualMachines/ folder. This is a default location on MacOS X.

Generating a JKS certificate

  1. Install OpenSSL and Java Keystore locally.

  2. Open OpenSSL as an administrator and enter: for the CRT certificate format: openssl pkcs12 -export -name <certAlias> -in <YourCertName>.crt -inkey <YourKeyName>.key -out keystore.p12 for the CER certificate format: openssl pkcs12 -export -name <certAlias> -in <YourCertName>.cer -inkey <YourKeyName>.key -out keystore.p12

  3. Enter a password for the keystore between 6 and 8 characters.

  4. Use the following command for the certAlias alias: keytool -importkeystore -destkeystore salesforce.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias <certAlias>

    note

    To use a different version of Java, use the command below as a reference:

    /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/bin/keytool -importkeystore -destkeystore salesforce.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias <certAlias>

  5. Enter the same password as in step 3.

  6. Upload the JKS file to Salesforce (Setup > Security > Certificate and Key Management > Import from Keystore), and enter the password specified in steps 3 and 6.

  7. Set the certificate in Salesforce as SSO Request Signing, API Client, and/or Domain Certificate.

Uploading certificates

The InCountry Data Residency for Salesforce package requires certificates to perform the client-side requests to the InCountry REST API. All the certificates must be provided in the JKS format.

You need to upload the following certificates:

  • incountry - the generic certificate for performing data requests to the InCountry Platform. This is a required certificate.

  • serverless - the certificate to perform resident functions. This is an optional certificate.

  • batch - the certificate to perform batch data operations (for data migration). This is an optional certificate.

You will have to specify the certificate names in the corresponding InCountry REST API endpoints. Depending on your setup, some certificate may not be needed.

  1. Get a certificate from InCountry.

  2. From Setup, click Security, then select Certificate and Key Management.

  3. On the Certificate and Key Management page, click Import from Keystore.

    Import from Keystore

  4. Select the certificate file and enter the keystore password.

  5. Click Save.

Once you have uploaded the certificates, the InCountry Data Residency for Salesforce package is ready for operation.

note

If you receive the Data not available error when importing certificates, please do any of the following to bypass this issue:

  • Create a self-signed certificate in the Certificate and Key Management section.

  • Enable the Identity Provider and assign the self-signed certificate to it.

After performing these steps, you will be able to import the JKS certificates.

← Managing OAuth2 authentication and authorizationRegistering CSP Trusted Sites →
  • Getting certificates from InCountry
  • Generating Salesforce compatible certificates
  • Installing OpenJDK 1.8 on MacOS
  • Generating a JKS certificate
  • Uploading certificates
InCountry logo blue
© InCountry 2022.
All rights reserved. InCountry, Inc
  • PRIVACY POLICY
  • TERMS OF SERVICE
  • Social share
    • YouTube logo
    • Facebook logo
    • Twitter logo
    • LinkedIn
  • Column 1
    • Products
      • Products
        • InCountry for Salesforce
        • Data Residency-as-a-Service
        • Alibaba Cloud InCountry Service
        • Compliance and security
      • Gateways
        • Email
        • Payment Vault
        • Web Forms
        • HTML
      • Developers
        • REST API
        • SDK
  • Column 2
    • Solutions
      • Automotive
      • Energy
      • Financial services
      • Healthcare
      • Retail
      • Technology
    • Integrations
      • Cegid
      • Intertrust
      • MuleSoft
      • PayPal
      • Salesforce
      • ServiceNow
      • Stripe
      • Veeva Systems
      • Yandex
  • Column 3
    • Resources
      • Country compliance
      • Documentation
      • Library
      • Partners
      • Pricing
    • About
      • News and Blog
      • Careers
      • Contact Us
      • FAQ
      • Leadership