---
title: Using an existing certificate and key pair
description: If you have an intermediate certificate from a CA, then append the content to your server .crt file.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_using_existing_certificate_key_pair
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_using_existing_certificate_key_pair.html
revdate: May 6, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  example: Example:
  example-2: Example:
---

# Using an existing certificate and key pair

## About this task

|   |                                                                                                        |
| - | ------------------------------------------------------------------------------------------------------ |
|   | If you have an intermediate certificate from a CA, then append the content to your server `.crt` file. |

To install an existing certificate:

## Steps

1. Import the key pair.

   ### Example:

   ```
   /opt/pingidentity/ase/bin/cli.sh import_key_pair private.key -u admin -p
   Warning: import_key_pair will overwrite any existing certificates
   Do you want to proceed [y/n]:y
   Exporting key to API Security Enforcer...
   OK, key pair added to keystore
   ```

2. Import the `.crt` file in ASE by running the `import_cert` CLI command.

   ### Example:

   ```
   /opt/pingidentity/ase/bin/cli.sh import_cert server-crt.crt -u admin -p
   Warning: import_cert will overwrite any existing signed certificate
   Do you want to proceed [y/n]:y
   Exporting certificate to API Security Enforcer...
   OK, signed certificate added to keystore
   ```

3. Restart ASE.

   For more information, see [Starting and stopping ASE](pingintelligence_starting_and_stopping_ase.html).