
Salesforce Root Certificate & TLS Certificate Changes (2026)

Salesforce has announced several certificate-related changes in 2026 that may generate questions from customers. enosix has reviewed these changes and assessed the impact across our product line. No customer-facing disruptions have been observed to date, and our architecture minimizes exposure to these changes. Below is a summary of each change and how it relates to enosix products.


1. Root Certificate Transition to DigiCert Global Root G2 (Effective February 5, 2026)

Salesforce has transitioned to issuing certificates chained from the DigiCert Global Root G2. Any certificate issued by Salesforce after February 5, 2026 will be chained to this new root in most environments. Salesforce recommends that organizations adopt the Mozilla Root Certificate Set to future-proof their trust stores.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): enosix integrations with SAP are built on Named Credentials and Callouts, not direct API client connections. Salesforce manages the outbound TLS trust chain for Named Credential callouts, so no customer action is required for these products. Self-signed certificates and CA-signed certificates that you upload to your org are not in scope for this change.

  • enosix Link: The enosix Link appliance has been patched to include the latest root certificate updates, including DigiCert Global Root G2. Customers should review the Link release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.

  • enosix Connect: The enosix Connect appliance has been patched to support the latest root certificate updates. Customers should review the Connect release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.


2. Deprecation of Dual-use Certificates (Effective June 15, 2026)

Effective June 15, 2026, Chrome will mandate a strict separation between server and client authentication certificates ("dual-use" ban). This impacts customers using mutual TLS (mTLS) with Salesforce, requiring that client certificates are not sourced from the same public roots used for website trust.

Impact on enosix Products

enosix products do not use mTLS for connectivity between Salesforce and SAP. This change has no impact on enosix integrations. Customers who have implemented custom mTLS configurations outside of enosix products should review the Salesforce-supported CAs for Client Auth EKUs and audit their mTLS usage independently.
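For the independent mTLS audit suggested above, one starting point is to read each certificate's Extended Key Usage (EKU): a certificate that lists both server and client authentication is dual-use. The script below is an added example, not enosix or Salesforce tooling; the function names `classify_eku` and `audit_cert` are hypothetical, and it assumes the `openssl` CLI is installed and the certificates are PEM files.

```shell
#!/bin/sh
# Added example (not enosix or Salesforce tooling): flag dual-use certificates
# by reading the Extended Key Usage (EKU) extension with the openssl CLI.

# classify_eku: reads `openssl x509 -noout -text` output on stdin and prints
# one of: dual-use, server-only, client-only, other-eku, no-eku.
classify_eku() {
    # openssl prints the EKU values on the line after the extension header.
    eku=$(awk 'f { print; f = 0 } /X509v3 Extended Key Usage/ { f = 1 }')
    server=no
    client=no
    case "$eku" in *"TLS Web Server Authentication"*) server=yes ;; esac
    case "$eku" in *"TLS Web Client Authentication"*) client=yes ;; esac
    # anyExtendedKeyUsage permits every purpose, so treat it as both.
    case "$eku" in *"Any Extended Key Usage"*) server=yes; client=yes ;; esac

    if [ -z "$eku" ]; then
        echo "no-eku"
    elif [ "$server" = yes ] && [ "$client" = yes ]; then
        echo "dual-use"
    elif [ "$server" = yes ]; then
        echo "server-only"
    elif [ "$client" = yes ]; then
        echo "client-only"
    else
        echo "other-eku"
    fi
}

# audit_cert: classify one PEM certificate file (path is caller-supplied).
audit_cert() {
    openssl x509 -in "$1" -noout -text | classify_eku
}

# Report every certificate file passed on the command line.
for cert in "$@"; do
    printf '%s: %s\n' "$cert" "$(audit_cert "$cert")"
done
```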


3. Certificate Lifespan Reductions (Starting March 15, 2026)

To align with industry standards, Salesforce is reducing maximum TLS server certificate lifespans in phases:

| Date | Maximum Lifespan |
| --- | --- |
| March 15, 2026 | 200 days |
| March 15, 2027 | 100 days |
| March 15, 2029 | 47 days |

This means certificates will be renewed more frequently. Some CA vendors have already begun issuing 200-day certificates.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): Certificate renewal is managed entirely by Salesforce for Named Credential connections. No customer action is required.

  • enosix Link & Connect: Appliance updates include support for more frequent certificate rotations. Customers should stay current on the latest releases to ensure their appliances handle renewed certificates seamlessly. Customers not using the stable (automatic update) channel should regularly check for and apply the latest updates.


Summary

| Change | Effective Date | enosix Impact | Customer Action |
| --- | --- | --- | --- |
| Root Certificate → DigiCert Global Root G2 | Feb 5, 2026 | No disruption observed | Link & Connect: update to latest release if not on stable channel |
| Dual-use Certificate Ban (mTLS) | June 15, 2026 | No impact (enosix does not use mTLS) | None for enosix products |
| Certificate Lifespan → 200 days | March 15, 2026 | No impact for Named Credential integrations | Link & Connect: stay current on releases |

Additional Resources

For any questions or support, please contact the enosix team.