--- title: Manage trusted certificate authorities description: On the Trusted CAs window, you can import, export, review, and remove certificate authorities (CAs). component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:help_certmanagementtasklet_trustedcas_certmanagementstate canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_certmanagementtasklet_trustedcas_certmanagementstate.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: importing-trusted-certificate-authorities: Importing trusted certificate authorities steps: Steps exporting-trusted-certificate-authorities: Exporting trusted certificate authorities steps-2: Steps reviewing-trusted-certificate-authorities: Reviewing trusted certificate authorities steps-3: Steps removing-trusted-certificate-authorities: Removing trusted certificate authorities steps-4: Steps --- # Manage trusted certificate authorities On the **Trusted CAs** window, you can import, export, review, and remove certificate authorities (CAs). You can import your federation partner's CA certificate or self-signed certificates into PingFederate's global trust list on **Security > Certificate & Key Management > Trusted CAs**. If the CA is not one of the major authorities, you might also need to import the certificate from the CA that signed the partner certificate. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | | If a required CA certificate is already available from the Java runtime, you do not need to import the same certificate into the PingFederate store. | ## Importing trusted certificate authorities Import your federation partner's certificate authority (CA) certificate or self-signed certificates into PingFederate's global trust list. ### Steps 1. On the **Trusted CAs** window, click **Import**. 2. On the **Import Certificate** window, choose the applicable certificate file. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If PingFederate is integrated with a hardware security module (HSM) from Thales in hybrid mode, select the storage facility of the certificate from the **Cryptographic Provider** list.- Select **HSM** to store the certificate in the HSM. - Select **Local Trust Store** to store the certificate in the local trust store managed by PingFederate. | 3. On the**Summary** window, review your configuration, amend as needed, and click **Save**. ## Exporting trusted certificate authorities Export your federation partner's certificate authority (CA) certificate or self-signed certificates as desired. ### Steps 1. On the **Trusted CAs** window, select **Action > Export** for the certificate. 2. On the **Export Certificate** window, click **Next**. 3. On the **Export & Summary** window, click **Export** to save the certificate file and then click **Done**. ## Reviewing trusted certificate authorities Review certificates to ensure you've selected the correct ones. ### Steps 1. On the **Trusted CAs** window, select the certificate by its serial number. 2. Review the selected certificate in the pop-up window. 3. When finished, close the pop-up window. ## Removing trusted certificate authorities Remove certificates from the **Trusted CAs** window when necessary. ### Steps 1. On the **Trusted CAs** window, select **Action > Delete** for the certificate. | | | | - | -------------------------------------------------------------------------------- | | | To cancel the removal request, select **Action > Undelete** for the certificate. | 2. Click **Save** to confirm your action.