Manage trusted certificate authorities
On the Trusted CAs window, you can import, export, review, and remove certificate authorities (CAs).
You can import your federation partner’s CA certificate or self-signed certificates into PingFederate’s global trust list on Security → Certificate & Key Management → Trusted CAs. If the CA is not one of the major authorities, you might also need to import the certificate from the CA that signed the partner certificate.
|
If a required CA certificate is already available from the Java runtime, you do not need to import the same certificate into the PingFederate store. |
Importing trusted certificate authorities
Import your federation partner’s certificate authority (CA) certificate or self-signed certificates into PingFederate’s global trust list.
Steps
-
On the Trusted CAs window, click Import.
-
On the Import Certificate window, choose the applicable certificate file.
If PingFederate is integrated with a hardware security module (HSM) from Thales in hybrid mode, select the storage facility of the certificate from the Cryptographic Provider list.
-
Select HSM to store the certificate in the HSM.
-
Select Local Trust Store to store the certificate in the local trust store managed by PingFederate.
-
-
On theSummary window, review your configuration, amend as needed, and click Save.
Exporting trusted certificate authorities
Export your federation partner’s certificate authority (CA) certificate or self-signed certificates as desired.
Steps
-
On the Trusted CAs window, select Action → Export for the certificate.
-
On the Export Certificate window, click Next.
-
On the Export & Summary window, click Export to save the certificate file and then click Done.