PingFederate Server

Manage trusted certificate authorities

On the Trusted CAs window, you can import, export, review, and remove certificate authorities (CAs).

You can import your federation partner’s CA certificate or self-signed certificates into PingFederate’s global trust list on Security → Certificate & Key Management → Trusted CAs. If the CA is not one of the major authorities, you might also need to import the certificate from the CA that signed the partner certificate.

If a required CA certificate is already available from the Java runtime, you do not need to import the same certificate into the PingFederate store.

Importing trusted certificate authorities

Import your federation partner’s certificate authority (CA) certificate or self-signed certificates into PingFederate’s global trust list.

Steps

  1. On the Trusted CAs window, click Import.

  2. On the Import Certificate window, choose the applicable certificate file.

    If PingFederate is integrated with a hardware security module (HSM) from Thales in hybrid mode, select the storage facility of the certificate from the Cryptographic Provider list.

    • Select HSM to store the certificate in the HSM.

    • Select Local Trust Store to store the certificate in the local trust store managed by PingFederate.

  3. On theSummary window, review your configuration, amend as needed, and click Save.

Exporting trusted certificate authorities

Export your federation partner’s certificate authority (CA) certificate or self-signed certificates as desired.

Steps

  1. On the Trusted CAs window, select Action → Export for the certificate.

  2. On the Export Certificate window, click Next.

  3. On the Export & Summary window, click Export to save the certificate file and then click Done.

Reviewing trusted certificate authorities

Review certificates to ensure you’ve selected the correct ones.

Steps

  1. On the Trusted CAs window, select the certificate by its serial number.

  2. Review the selected certificate in the pop-up window.

  3. When finished, close the pop-up window.

Removing trusted certificate authorities

Remove certificates from the Trusted CAs window when necessary.

Steps

  1. On the Trusted CAs window, select Action → Delete for the certificate.

    To cancel the removal request, select Action → Undelete for the certificate.

  2. Click Save to confirm your action.