---
title: Generating new key pairs
description: To generate a key pair and self-signed certificate:
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_generating_new_key_pairs
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_generating_new_key_pairs.html
revdate: September 22, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Generating new key pairs

## About this task

To generate a key pair and self-signed certificate:

## Steps

1. Click **Security**, then go to **Key Pairs > Key Pairs**.

2. Click **[icon: plus, set=fa]Add Key Pair**.

3. In the **Alias** field, enter an internal alias for the key pair.

4. In the **Common Name** field, enter the common name identifying the certificate.

5. **Optional:** If the key pair is going to be used for incoming requests on multiple hosts or multiple IP addresses, enter additional **Subject Alternative Names** to meet those requirements.

6. In the **Organization** field, enter the organization or company name of the group creating the certificate.

7. **Optional:** In the **Organization Unit** field, enter the unit within the organization.

8. **Optional:** In the **City** field, enter the city or primary location where the organization operates.

9. **Optional:** In the **State** field, enter the state or political unit where the organization operates.

10. In the **Country** field, enter the country where the organization operates.

11. In the **Valid Days** field, enter the number of days that the certificate is valid.

12. **Optional:** In the **Selected HSM** list, select a hardware security module to store the key pair in.

13. In the **Key Algorithm** section, select an algorithm:

    1. In the **Key Size** list, select the number of bits in the key.

    2. In the **Signature Algorithm** list, select the signature algorithm to use for the key.

14. Click **Save**.