The SFDC Expiring Certificate Notification is an email notification sent by Salesforce to the System Administrator, notifying them that one or more security certificates are expiring soon. These Certificates are used to verify the identity of a website or application and to secure the communication between the user and the server. If a certificate expires, it can cause security issues, so the email alerts are typically sent at the 60-day mark, 30-day mark, 10-day mark, and day of expiry.

Create a New Certificate

1. Go to Setup -> Certificate and Key Management -> Click on Create Self-Signed Certificate -> Create a new Certificate

Check Where Certificates Are Used

1. Open the certificate. If the Delete button on that certificate is grayed out, it means it is being used. Hover over the Delete button to see where that specific Certificate is being used.

Replace the Expired Certificate

After creating the new Certificate, you will need to replace the expiring one. Depending on the type, the expired certificate must be replaced in the following places to fully complete the renewal process.

Single Sign On:

1. Go to Setup > Identity > Single Sign-On Settings. Select the SSO setting and Edit.

2. Click the Choose File button to upload a new certificate in Identity Provider Certificate field.

3. Save the changes after uploading the new certificate.

Connected Apps: 

1. Go to Setup > Manage Connected Apps. 

2. Open the App that is using the Certificate. Replace the old Certificate with the new one.

Identity Provider:

1. Go to Setup > Identity Provider.

2. Click Edit.  Replace the old Certificate with the new one.

The expiring certificate should now have a Del link next to the name, which you can click to delete the certificate. 

Renewing the organization’s digital certificates is essential for maintaining the integrity of data transmission between systems. The System Administrator should ensure that certificates are renewed promptly to avoid any security issues to their org.