---
title: Importing an existing certificate and key pair
description: The following diagram shows an overview of the steps for importing an existing certificate and key pair.
component: pingintelligence
version: 5.1
page_id: pingintelligence:api_security_enforcer:pingintelligence_importing_existing_certificate_keypair
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/api_security_enforcer/pingintelligence_importing_existing_certificate_keypair.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Importing an existing certificate and key pair

## About this task

The following diagram shows an overview of the steps for importing an existing certificate and key pair.

![Flowchart for importing an existing certificate and key pair.](../../5.2/_images/oui1608192668052.png)

To import an existing certificate and key pair:

## Steps

1. Convert the key to a `.key` file:

   ```
   openssl rsa -in private.pem -out private.key
   ```

2. Convert the SSL certificate to a `.crt` file:

   ```
   openssl x509 -in server-cert.pem -out server-cert.crt
   ```

3. Import the cluster key into the key store using the following CLI command:

   ```
   import_key_pair {key_path} [--yes | -y]
   import key pair for cluster server
   --yes | -y : import key pair without confirmation prompt
   ```

4. Import the certificate into the key store using the following CLI command:

   ```
   import_cert {cert_path} [--yes | -y]
   import CA signed certificate for cluster server
   --yes | -y : import CA signed certificate without confirmation prompt
   ```

5. Restart the API Security Enforcer (ASE) cluster to synchronize the key and the certificate.

   For more information on restarting the ASE cluster, see [Restart ASE cluster](pingintelligence_restarting_ase_cluster.html).
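
A pre-import check that can be run between steps 2 and 3, shown here as an added example rather than part of the Ping Identity documentation: it confirms that `private.key` and `server-cert.crt` carry the same public key and that the certificate has not expired. The function names, the `ase-demo.example` subject, and the throwaway self-signed pairs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-import checks for the files produced in steps 1 and 2.
# Function names and the throwaway demo material are constructed for illustration.

# Return 0 if the certificate's public key is the one derived from the private key,
# 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Return 0 if the certificate is still valid N seconds from now (default 0 = right now).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Build a constructed, self-signed pair in directory $1 and convert it as in steps 1 and 2.
make_demo_pair() {
    ( umask 077; cd "$1" || exit 1
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ase-demo.example" \
          -keyout private.pem -out server-cert.pem 2>/dev/null || exit 1
      openssl rsa  -in private.pem     -out private.key 2>/dev/null || exit 1
      openssl x509 -in server-cert.pem -out server-cert.crt )
}

# Run both checks on a key/certificate pair and report whether it is ready to import.
preimport_check() {
    key_matches_cert "$1" "$2" || { echo "FAIL: $1 is unreadable or does not match $2"; return 1; }
    cert_valid_for "$2" 0      || { echo "FAIL: $2 has expired"; return 1; }
    echo "OK: $1 and $2 form a valid pair"
}

# Demo on constructed material: one matching pair, one deliberately mismatched.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT   # do not leave demo private keys behind
mkdir "$demo_dir/a" "$demo_dir/b"
make_demo_pair "$demo_dir/a"
make_demo_pair "$demo_dir/b"
preimport_check "$demo_dir/a/private.key" "$demo_dir/a/server-cert.crt"
preimport_check "$demo_dir/a/private.key" "$demo_dir/b/server-cert.crt" \
    || echo "(mismatch detected, as intended for the second demo pair)"
```

For real files, call `preimport_check private.key server-cert.crt` from the directory holding the converted files and proceed to `import_key_pair` only when it prints `OK`.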
