Adding a certificate and key pair
Use the Certificates and key pairs page to set up a certificate for your environment.
About this task
The certificate must be valid when you add it to PingOne. You cannot add a certificate before its validity period begins (the certificate’s NotBefore
date) or after it expires (the certificate’s NotAfter
date). The private key must be unencrypted. You cannot upload a private key that is protected by a password or passphrase. The certificate, private key, and certificate chain must all be PEM-encoded unless uploading a pkcs12 file format.
Steps
-
Go to Settings → Certificates and Key Pairs.
-
Click Add and then click Create key pair.
-
Enter the following information:
Option Description Common name
The server name that is covered by the certificate. It is typically made up of the domain name, such as
www.example.com
. Do not use special characters (?, $, % and so on), IP addresses, port numbers, or http:// or https:// in the common name.Usage type
Certificates can be used for signing and verification, encryption, SSL, issuance, or outbound mTLS. Select the primary usage for this certificate.
Organization
The corporation, university, or government agency that is covered by the certificate. Use the legal name under which your organization is registered. Do not abbreviate or use any of these symbols: ! @ # $ % ^ * ( ) ~ ? > < / \.
Organization unit
A division within the primary organization, such as
Engineering
orHuman Resources
. If your organization is doing business as a trade name, you can specify the trade or DBA name in this field.City
The city in which the organization is located. Do not use abbreviations. For example, spell
Saint Louis
rather thanSt. Louis
.State
The state or province in which the organization is located.
Country
The two-character ISO 3166-1 country code. For example,
US
for the United States.Validity days
The number of days the key is valid, with a maximum of 730 days.
Key algorithm
The public key algorith with which to generate the public-provate key pair. Choose RSA (Rivest Shamir Adleman) or EC (Eliptic Curve).
Key size bits
The number of bits in the key’s algorithm. The available values depend on the selected key algorithm.
Signature algorithm
The cryptographic algorithm used by the certification authority to sign the certificate. The available values depend on the selected key algorithm.
-
Click Save and Finish.