Managing key pair certificates
Add, download, or remove a certificate from a key pair, or manage key pairs using the automatic certificate management environment (ACME) protocol.
About this task
- Add a certificate to an existing key pair by starting with a leaf certificate and then adding the intermediate and root certificates as required.
- Remove a certificate from a configured key pair.
- Manage key pairs using the ACME protocol, which automatically obtains and renews certificates indirectly signed by a well-known trust anchor.
- Download a certificate when you need to configure a peer to trust a certificate used by PingAccess.
Adding certificates to key pairs
About this task
To modify the certificates included in a chain, remove the certificates from the key pair and add them again. Alternatively, delete the certificate and recreate it by importing a new certificate file and adding certificates to the key pair.
To add a certificate to an existing key pair:
Steps
- Click Security, then go to Key Pairs > Key Pairs.
- Click to expand an existing key pair.
- In the Key Pair Chain Certificate list, select Add Certificate.
- To browse for and select the certificate file, click Choose File.
- Click Add.
Removing certificates from key pairs
About this task
Certificates can only be removed in reverse order. This procedure removes the last certificate in the chain.
Steps
- Click Security, then go to Key Pairs > Key Pairs.
- Click to expand an existing key pair.
- To remove the last certificate in the chain, click the Delete icon.
- To confirm your changes, click Delete.
Managing certificates for key pairs with ACME
About this task
The ACME protocol is an Internet Engineering Task Force (IETF) proposed standard protocol that automates the signing of TLS certificates by a certificate authority (CA).
By default, the ACME certificate management option in PingAccess uses the staging Let’s Encrypt ACME CA.
The Let’s Encrypt staging server, which PingAccess uses by default, is meant for testing: it has more lenient rate limits, but it doesn’t generate functional certificates. For more information about rate limits, see the Let’s Encrypt documentation. After testing your environment, you must switch to a production server using the PingAccess administrative application programming interface (API).
To add more ACME servers, use a |
To manage certificates with ACME:
Steps
- Click Security, then go to Key Pairs > Key Pairs.
- Click the Pencil icon, and then click Manage with ACME for the key pair.
Result:
The ACME status changes to Pending. If the protocol completes successfully, the status then changes to Valid.
Downloading certificates
About this task
Download the certificate for the key pair used by a mutual TLS site authenticator and configure the target site to trust the certificate.
To download a certificate:
Steps
- Click Security, then go to Key Pairs > Key Pairs.
- Locate the row corresponding to the key pair, and then click the Pencil icon.
- Click Download Certificate.
Result:
Your browser downloads the certificate and saves it in your local file system.