PingFederate Server

Certificate events

PingFederate sends email notifications for the creation, update, and expiration of certificates.

PingFederate also sends email notifications for the creation and activation of new pending certificates when automatic rotation for self-signed certificates is enabled in the Security → Certificate & Key Management → Signing & Decryption Keys & Certificates window. It sends notifications to the email address that has been configured for certificate events on the Runtime Notifications window.

Email subject and template file name Event Action

A PingFederate Certificate Is About to Expire

message-template-cert-warning.html

A certificate is about to expire.

PingFederate generates a notification based on settings defined on the Runtime Notifications window.

The message includes the details of the certificate and the connections associated with it.

Create a new certificate and work with the applicable partners to update the expiring certificate.

If a self-signed certificate is used for signing or decryption, consider enabling certificate rotation while creating the new certificate.

For a clustered PingFederate environment, replicate the configuration using the administrative console.

A PingFederate Certificate Has Expired

message-template-cert-expire.html

A certificate expired.

PingFederate generates a notification upon the expiration of a certificate.

The message includes the details and the connections associated with the certificate.

Create a new certificate and work with the applicable partners to update the expiring certificate.

If a self-signed certificate is used for signing or decryption, consider enabling certificate rotation while creating the new certificate.

For a clustered PingFederate environment, replicate the configuration using the administrative console.

A New PingFederate Certificate Has Been Created

message-template-cert-rotation.html

A new pending certificate has been created for signing or decryption.

PingFederate generates a notification when a new pending certificate is created.

The message includes the details of the current certificate, the details of the new certificate, the activation date, and the connections that will be affected when the new certificate is activated.

Work with the applicable partners to update the expiring certificate.

PingFederate supports providing metadata for Browser SSO connections.

For a clustered PingFederate environment, replicate the configuration using the administrative console.

A PingFederate Certificate Has Been Updated

message-template-cert-deactivation.html

A new certificate for signing or decryption is activated.

PingFederate generates a notification when the new certificate is activated.

The message includes the details of the new certificate and the affected connections.

None, unless the applicable partners have not been notified or configuration has not been replicated in a clustered PingFederate environment.