Adding a certificate and key pair

Use the Certificates and key pairs page to set up a certificate for your environment.

About this task

The certificate must be valid when you add it to PingOne. You cannot add a certificate before its validity period begins (the certificate’s NotBefore date) or after it expires (the certificate’s NotAfter date). The private key must be unencrypted. You cannot upload a private key that is protected by a password or passphrase. The certificate, private key, and certificate chain must all be PEM-encoded unless uploading a pkcs12 file format.

Steps

Go to Settings > Certificates and Key Pairs.
Click Add and then click Create key pair.

Enter the following information:

Option Description

Option	Description
Common name	The server name that is covered by the certificate. It is typically made up of the domain name, such as `www.example.com`. Do not use special characters (?, $, % and so on), IP addresses, port numbers, or http:// or https:// in the common name.
Usage type	Certificates can be used for signing and verification, encryption, SSL, issuance, or outbound mTLS. Select the primary usage for this certificate.
Organization	The corporation, university, or government agency that is covered by the certificate. Use the legal name under which your organization is registered. Do not abbreviate or use any of these symbols: ! @ # $ % ^ * ( ) ~ ? > < / \.
Organization unit	A division within the primary organization, such as `Engineering` or `Human Resources`. If your organization is doing business as a trade name, you can specify the trade or DBA name in this field.
City	The city in which the organization is located. Do not use abbreviations. For example, spell `Saint Louis` rather than `St. Louis`.
State	The state or province in which the organization is located.
Country	The two-character ISO 3166-1 country code. For example, `US` for the United States.
Validity days	The number of days the key is valid, with a maximum of 730 days.
Key algorithm	The public key algorith with which to generate the public-provate key pair. Choose RSA (Rivest Shamir Adleman) or EC (Eliptic Curve).
Key size bits	The number of bits in the key’s algorithm. The available values depend on the selected key algorithm.
Signature algorithm	The cryptographic algorithm used by the certification authority to sign the certificate. The available values depend on the selected key algorithm.

Common name

The server name that is covered by the certificate. It is typically made up of the domain name, such as www.example.com. Do not use special characters (?, $, % and so on), IP addresses, port numbers, or http:// or https:// in the common name.

Usage type

Certificates can be used for signing and verification, encryption, SSL, issuance, or outbound mTLS. Select the primary usage for this certificate.

Organization

The corporation, university, or government agency that is covered by the certificate. Use the legal name under which your organization is registered. Do not abbreviate or use any of these symbols: ! @ # $ % ^ * ( ) ~ ? > < / \.

Organization unit

A division within the primary organization, such as Engineering or Human Resources. If your organization is doing business as a trade name, you can specify the trade or DBA name in this field.

City

The city in which the organization is located. Do not use abbreviations. For example, spell Saint Louis rather than St. Louis.

State

The state or province in which the organization is located.

Country

The two-character ISO 3166-1 country code. For example, US for the United States.

Validity days

The number of days the key is valid, with a maximum of 730 days.

Key algorithm

The public key algorith with which to generate the public-provate key pair. Choose RSA (Rivest Shamir Adleman) or EC (Eliptic Curve).

Key size bits

The number of bits in the key’s algorithm. The available values depend on the selected key algorithm.

Signature algorithm

The cryptographic algorithm used by the certification authority to sign the certificate. The available values depend on the selected key algorithm.

Click Save and Finish.