PingOne

Adding a certificate and key pair

Use the Certificates and key pairs page to set up a certificate for your environment.

About this task

The certificate must be valid when you add it to PingOne. You cannot add a certificate before its validity period begins (the certificate’s NotBefore date) or after it expires (the certificate’s NotAfter date). The private key must be unencrypted. You cannot upload a private key that is protected by a password or passphrase. The certificate, private key, and certificate chain must all be PEM-encoded unless uploading a pkcs12 file format.

Steps

  1. Go to Settings > Certificates and Key Pairs.

  2. Click Add and then click Create key pair.

  3. Enter the following information:

    Option Description

    Common name

    The server name that is covered by the certificate. It is typically made up of the domain name, such as www.example.com. Do not use special characters (?, $, % and so on), IP addresses, port numbers, or http:// or https:// in the common name.

    Usage type

    Certificates can be used for signing and verification, encryption, SSL, issuance, or outbound mTLS. Select the primary usage for this certificate.

    Organization

    The corporation, university, or government agency that is covered by the certificate. Use the legal name under which your organization is registered. Do not abbreviate or use any of these symbols: ! @ # $ % ^ * ( ) ~ ? > < / \.

    Organization unit

    A division within the primary organization, such as Engineering or Human Resources. If your organization is doing business as a trade name, you can specify the trade or DBA name in this field.

    City

    The city in which the organization is located. Do not use abbreviations. For example, spell Saint Louis rather than St. Louis.

    State

    The state or province in which the organization is located.

    Country

    The two-character ISO 3166-1 country code. For example, US for the United States.

    Validity days

    The number of days the key is valid, with a maximum of 730 days.

    Key algorithm

    The public key algorith with which to generate the public-provate key pair. Choose RSA (Rivest Shamir Adleman) or EC (Eliptic Curve).

    Key size bits

    The number of bits in the key’s algorithm. The available values depend on the selected key algorithm.

    Signature algorithm

    The cryptographic algorithm used by the certification authority to sign the certificate. The available values depend on the selected key algorithm.

  4. Click Save and Finish.