PingAuthorize

Certificates

The server presents a server certificate when a client uses a protocol like LDAPS or HTTPS to initiate a secure connection. A client must trust the server’s certificate to obtain a secure connection to it.

PingAuthorize Server uses server certificates.

During setup, administrators have the option of using self-signed certificates or certificate authority (CA)-signed certificates for the server certificate. Use CA-signed certificates wherever possible. Use self-signed certificates for demonstration and proof-of-concept environments only.

If you specify the option --generateSelfSignedCertificate during setup, the server certificate is generated automatically with the alias server-cert. The key pair, which consists of the private key and the self-signed certificate, is stored in a file named keystore in the server’s /config directory. The certificates for all the servers that the server trusts are stored in the truststore file, which is also located in the server’s /config directory.

To override the server certificate alias and the files that store the key pair and certificates, use the following arguments during setup:

  • --certNickname

  • --use*Keystore

  • --use*Truststore

For more information about these arguments, see the setup tool’s Help and the Installation Guide.
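To confirm which kind of server certificate an installed instance actually holds, the following added example (not part of the product documentation) classifies an exported PEM certificate as self-signed or CA-signed. It assumes openssl is on the PATH and that the certificate was first exported from the keystore with keytool; the function names cert_field and classify_cert and the file name server-cert.pem are hypothetical.

```shell
#!/bin/sh
# Added example: classify a PEM certificate as self-signed or CA-signed.
# Export the certificate first, for instance from the server root
# (keytool prompts for the keystore password):
#   keytool -exportcert -rfc -alias server-cert \
#           -keystore config/keystore -file server-cert.pem

# cert_field FILE subject|issuer: print that distinguished name (RFC 2253).
cert_field() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# classify_cert FILE: print "self-signed", "ca-signed" or "unreadable".
classify_cert() {
    # Reject input that does not parse as an X.509 certificate.
    openssl x509 -in "$1" -noout 2>/dev/null || { echo unreadable; return 0; }

    subject=$(cert_field "$1" subject)
    issuer=$(cert_field "$1" issuer)

    # Self-signed means two things hold together: the issuer name equals the
    # subject name, and the signature verifies under the certificate's own
    # public key (checked by using the certificate as its own trust anchor).
    if [ "$subject" = "$issuer" ] &&
       openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo self-signed
    else
        # Signed by a different key. This does not validate the chain;
        # it only rules out a self-signed certificate.
        echo ca-signed
    fi
}

# Usage: classify_cert server-cert.pem
```

A result of self-signed on a production server indicates that the demonstration default is still in place.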