Retirement of Default Certificate affects SAML Single Sign On into Salesforce
Salesforce continues to work on the default certificate expiration. For Security best practices, they will retire the use of the proxy.salesforce.com client certificate with the Salesforce Winter 18 release (to be rolled out starting October 6, 2017...SAFE HARBOR). During the Winter '18 release, your SAML Single Sign-On configurations that use the proxy.salesforce.com default certificate will be switched to a self-signed certificate automatically. For more details, please refer to this Salesforce Knowledge Article.
Due to the upcoming expiration of the default client certificate (proxy.salesforce.com) and for security best practices, Salesforce will retire the use of this client certificate on August 7, 2017 at 9:30AM US Pacific Time (16:30 UTC). Customers using the following features may be impacted:
Single Sign-On using Service Provided (SP)-Initiated SAML
Workflow automated messaging
We highly suggest you refer to the following Salesforce Knowledge Article for details and questions.