--- title: Configuring MTLS description: Instructions for importing a client TLS key pair so that you can use MTLS for admin API authentication. component: pingcentral version: 3.1.1 page_id: pingcentral:pingcentral_for_iam_administrators:pingcentral_installing_configuring/pingcentral_config_mtls canonical_url: https://docs.pingidentity.com/pingcentral/3.1.1/pingcentral_for_iam_administrators/pingcentral_installing_configuring/pingcentral_config_mtls.html revdate: April 10, 2025 section_ids: steps: Steps --- # Configuring MTLS To use mutual TLS (MTLS) for Admin API authentication, import a client TLS key pair. If you're running PingCentral in FIPS-compliant mode, you'll import a `.pem` file, as `.p12` files are not allowed. | | | | - | --------------------------------------------------------------------------------------------------------------------------------- | | | Only RSA keys are supported. If you attempt to import Elliptic Curve (EC) keys, you'll receive a parsing or import error message. | ## Steps 1. Select the **Security** tab, expand the menu, and select **Client TLS Key Pair**. 2. Click **Import Key Pair**. 3. On the **Import Key Pair** page, click **Choose PKCS12 or PEM File** and select the `.p12` or `.pem` file to upload it. 4. In the **File Password** field, enter the password to the key store file. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you're running PingCentral in FIPS-compliant mode, your password must be at least 14 characters long, and the RSA key must be at least 2048 bits. | 5. In the **Alias** field, specify the alias of the certificate in the key store file that you want to use, if required. 6. In the **Key Password** field, enter the password for the selected certificate if the PKCS12 file requires a separate password for the key. 7. Click **Import**.