---
title: Exchanging signing certificates
description: To allow PingFederate and ServiceNow to communicate securely, exchange the signing certificates between the two systems.
component: servicenow
page_id: servicenow:setup:pf_servicenow_connector_exchanging_signing_certificates
canonical_url: https://docs.pingidentity.com/integrations/servicenow/setup/pf_servicenow_connector_exchanging_signing_certificates.html
revdate: July 8, 2024
section_ids:
  steps: Steps
---

# Exchanging signing certificates

To allow PingFederate and ServiceNow to communicate securely, exchange the signing certificates between the two systems.

## Steps

1. In PingFederate, export your signing certificate. On the PingFederate admin console, go to **Security > Signing & Decryption Keys & Certificates**.For the certificate that you want to use, in the **Action** column, click **Export**.On the **Export Certificate** screen, click **Next**.On the **Export & Summary** screen, click **Export**.Open the `*.crt` file in a text editor.

2. In ServiceNow, import your PingFederate signing certificate.

   1. On your ServiceNow instance, go to **SAML 2 Single Sign-on > Certificate**. Click **New**.

   2. On the **New record** screen, in the **Name** field, enter `SAML 2.0`.

   3. **Optional:** In the **Short description** field, enter a description. This appears on the **Certificate** screen.

   4. In the **PEM Certificate** field, paste the contents of the `*.crt` file that you exported from PingFederate.

   5. Click **Submit**.

3. In ServiceNow, export your ServiceNow single logout (SLO) certificate.

   1. On your ServiceNow instance, go to **SAML 2 Single Sign-on > Certificate**. Click **SAML 2.0 SP Keystore**.

   2. On the **SAML 2.0 SP Keystore** screen, download the certificate keystore by clicking **saml2sp\_keystore**.

   3. Extract the certificate from `saml2sp_keystore` as shown in [How to print the Public Key of a Certificate using Keytool](https://hi.service-now.com/kb_view.do?sysparm_article=KB0714222) in the ServiceNow documentation.

   4. Copy the output of the command to a text file on your computer, and save it as `sn-certificate.crt`.

4. In PingFederate, import your ServiceNow SLO certificate as a trusted certificate authority (CA).

   1. On the PingFederate admin console, go to **Security > Trusted CAs**.

   2. On the **Trusted CAs** screen, click **Import**.

   3. On the **Import Certificate** screen, select `sn-certificate.crt`. Click **Next**.

   4. On the **Summary** screen, click **Save**.

5. In ServiceNow, export your SAML 2.0 metadata.

   1. On your ServiceNow instance, go to **SAML 2 Single Sign-on > Metadata**.

   2. Copy the metadata block to a text file on your computer, and save it as `sn-metadata.xml`.

   You will use this in [Creating a single sign-on connection](pf_servicenow_connector_creating_a_single_sign_on_connection.html).