<!--This template is a great use for issues that are feature::additions or technical tasks for larger issues.--> ### Proposal A GitLab Dedicated [customer](https://gitlab.zendesk.com/agent/tickets/687828) reached out asking for impact assessment on Salesforce integration for upcoming changes to Salesforce due to the Root Certificate Changes. > **Salesforce Advisory:**\ > \ > **What is changing?** > > As part of our commitment to platform security and engineering standards, Salesforce is updating its digital certificate infrastructure. Starting **February 5, 2026**, Salesforce certificates will begin to be chained from the **Digicert Global Root G2 (Digicert G2 Root)**. > > While Salesforce may change Root Certificate Authorities at any time to respond to security or industry events, this specific transition requires customer preparation to ensure continued connectivity. > > **What is the impact?** > > If your trust stores do not include the Digicert G2 Root certificate by the enforcement date, your systems will be unable to establish a secure connection to Salesforce. This impact applies to: > > **API Connections:** > > * Critical integrations may fail to authenticate. > > **Browser Access:** > > * Users may encounter security warnings or experience issues accessing Salesforce via web browsers. > > **Availability:** > > * Failure to take action will result in a loss of service uptime and availability. > > **What actions do I need to take?** > > You must ensure that the **Digicert Global Root G2 (Digicert G2 Root)** is present in your environment's trust stores before **February 5, 2026**. > > Salesforce strongly advises customers to trust the **Mozilla Certificate Rootset** as per our [official documentation](https://help.salesforce.com/s/articleView?id=xcloud.security_keys_policy_and_rotation.htm&type=5). This is a comprehensive collection of multiple Root Certificate Authorities trusted by Mozilla, which includes the necessary Digicert G2 Root and provides a proactive defense against future root rotations. > > **Where can I get additional information?** > > For detailed technical guidance on managing certificate rotations, please review the [Certificates in Salesforce](https://help.salesforce.com/s/articleView?id=xcloud.security_keys_policy_and_rotation.htm&type=5) Help article. Digicert Root CAs can be found [here](https://knowledge.digicert.com/general-information/digicert-trusted-root-authority-certificates). <!--Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues.--> <!--Consider adding related issues and epics to this issue. You can also reference the Feature Proposal Template (https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Feature%20proposal%20-%20detailed.md) for additional details to consider adding to this issue. Additionally, as a data oriented organization, when your feature exits planning breakdown, consider adding the `What does success look like, and how can we measure that?` section.--> <!--Label reminders Use the following resources to find the appropriate labels: - Use only one tier label choosing the lowest tier this is intended for - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/-->