---
title: Adding a certificate
description: Learn how to add a certificate in PingOne to establish trust, verify identity, and secure communication with applications and services.
component: pingone
page_id: pingone:settings:p1_addcertificate
canonical_url: https://docs.pingidentity.com/pingone/settings/p1_addcertificate.html
revdate: November 9, 2023
keywords: ["add certificate", "upload certificate", "certificate management", "certificate usage type"]
section_ids:
  before-you-begin: Before you begin
  steps: Steps
---

# Adding a certificate

Use the **Certificates** tab of the **Certificates and Key Pairs** page to set up a certificate for your environment.

## Before you begin

Before you add a certificate, ensure that the following requirements are met:

* The certificate is valid at the time you add it to PingOne. You can't upload a certificate before its `NotBefore` date or after its `NotAfter` expiration date.

* The private key is unencrypted.

* The certificate, private key, and certificate chain are all PEM-encoded unless you're uploading a PKCS12 file.

* Supported certificate formats include `PKCS7 (.p7b)` and `PEM (.cer, .crt, .pem)`.

* The certificate has a key length of at least 2048 bits and uses SHA-256 or stronger encoding.

## Steps

1. In the PingOne admin console, go to **Settings > Certificates and Key Pairs**.

2. On the **Certificates** tab, click the **[icon: plus, set=fa]icon**.

   ![A screenshot of the certificates page.](_images/p1-certificates-and-keypairs-page-certs-tab.png)

3. Click **Select a file** and select the certificate file to upload.

   ![A screenshot of the view of the certificates page.](_images/p1-cert-add.png)

4. In the **Usage Type** list, select one of the following options:

   | Option                      | Description                                                                                                                                                                                             |
   | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | **Signing - Verification**  | Used to create and validate digital signatures. Enables the certificate to sign tokens or data so that other systems can verify the signature to ensure authenticity and integrity.                     |
   | **Encryption – Decryption** | Used to securely protect sensitive data. Allows the certificate to encrypt information so only the holder of the matching private key can decrypt it.                                                   |
   | **SSL/TLS**                 | Used to secure network connections. Supports encrypted HTTPS communication, ensuring secure connections between clients and servers.                                                                    |
   | **Issuance**                | Used by certificate authorities (CAs) to sign and issue other certificates. Typically selected when the certificate will be used to generate subordinate or leaf certificates within a trust hierarchy. |

5. Click **Save**.