PingAccess

Managing key pairs

Generate a key pair and self-signed certificate, import a key pair from a PKCS#12 or PEM-encoded file, or delete a configured key pair.

About this task

PEM-encoded key pair files use the following format for the key and certificates:

-----BEGIN ENCRYPTED PRIVATE KEY-----
 <Base64–encoded private key>
(Private Key:  <domain_name.key>)
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
 <Base64–encoded certificate>
(Primary SSL certificate:  <domain_name.crt>)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
 <Base64–encoded certificate>
(Intermediate certificate:  <Intermediate.crt>)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
 <Base64–encoded certificate>
(Root certificate:  <Root.crt>)
-----END CERTIFICATE-----
  • Importing existing key pairs

  • Generating new key pairs

Importing existing key pairs

About this task

If PingAccess is running in Federal Information Processing Standards (FIPS) mode, you can only import or export PEM-encoded key pairs. For more information, see Managing Federal Information Processing Standards (FIPS) mode.

To import a key pair from a PKCS#12 or PEM-encoded file:

Steps

  1. Click Security, then go to Key Pairs > Key Pairs.

  2. Click Import.

  3. In the Alias field, enter a name that identifies the key pair.

    Special characters and spaces are allowed. This name identifies the key pair when you’re assigning the key pair to various configurations, such as HTTPS Listeners.

  4. In the Password field, enter a password to protect the key pair file.

    PingAccess uses the password to read the file.

  5. Click Choose File to locate the key pair file.

  6. Click Save to import the file.

    If the key pair is either expired or not yet valid, PingAccess displays a warning, but the import will proceed. If the key pair cannot be read using the specified password, the import fails.

Generating new key pairs

About this task

To generate a key pair and self-signed certificate:

Steps

  1. Click Security, then go to Key Pairs > Key Pairs.

  2. Click Add Key Pair.

  3. In the Alias field, enter an internal alias for the key pair.

  4. In the Common Name field, enter the common name identifying the certificate.

  5. Optional: If the key pair is going to be used for incoming requests on multiple hosts or multiple IP addresses, enter additional Subject Alternative Names to meet those requirements.

  6. In the Organization field, enter the organization or company name of the group creating the certificate.

  7. Optional: In the Organization Unit field, enter the unit within the organization.

  8. Optional: In the City field, enter the city or primary location where the organization operates.

  9. Optional: In the State field, enter the state or political unit where the organization operates.

  10. In the Country field, enter the country where the organization operates.

  11. In the Valid Days field, enter the number of days that the certificate is valid.

  12. Optional: In the Selected HSM list, select a hardware security module to store the key pair in.

  13. In the Key Algorithm section, select an algorithm:

    1. In the Key Size list, select the number of bits in the key.

    2. In the Signature Algorithm list, select the signature algorithm to use for the key.

  14. Click Save.

Deleting key pairs

About this task

If a key pair is currently in use, you cannot delete it.

Steps

  1. Click Security, then go to Key Pairs > Key Pairs.

  2. Click to expand the key pair that you want to delete.

  3. Click the Delete icon.

  4. To confirm your changes, click Delete.