Do I need to renew the default SelfSignedCert that I never created?
We have a client org with a self signed cert called SelfSignedCert_04Mar2019_XXXXXX which expires soon.I am getting multiple notifications about renewing it.
As I didn't create it, I'd like to know how do I find out what the cert is actually used for?
And, can I just delete it?
Or do I have to renew it?
If you go to the Details page, the Delete button will be greyed out if it is in use somewhere. Hovering over the button will tell you where it is used. Or, use the "Del" link from the list view of certificates. If it is used, you'll get a list of places it is used.
Regarding deleting - If it's in use, no. You'll have to remove its usage before. If the system allows you to delete it, it was not in use.
Regarding renewing - Only if you still use the function that it is intended for. For example, if you configured SSO, you need a new certificate to allow SSO to continue working. If you don't need that feature, you can just turn it off, then remove the selfsignedcert.
Note that you won't get any more warnings after expiry, and expired certs don't count against the org limits, so there's really no "harm" in allowing it to stick around.