Deprecation of dual-use certificates

Note Salesforce updates are subject to change beyond our control. Sage People attempts to maintain our content in alignment: for the most up to date information, refer to Salesforce documentation.

What's happening?

Effective June 15, 2026, Chrome mandates a strict "Dual-use" ban. This requires distinct separation between server and client authentication certificates.

Will this affect you?

This change will only impact you if you have a custom API that uses an mTLS (mutual transport layer security) certificate. You can check your certificates in Sage People within the certificate and key management section in setup. If you're unsure if you use mTLS certificates, check with the individuals who built the integration or the service you're connecting with.

Recommended action

Check if you're using TLS certificates by going to the certificate and key management section. Check if you have a section called Mutual Authentication Certificates. If you do, check if there are any certificates listed. If you don't, or there are no certificates in this area, then you're not using any. If you're using mTLS certificates, you'll need to obtain new TLS certificates that aren't “dual use” and add these to your instance.

For more details, see Salesforce's articles:

Upcoming mandatory changes to Public Key Infrastructure (PKI)

Action required: Chrome policy changes and your Salesforce mLTS setup

Certificates in Salesforce