PingOne

Adding an SSL certificate

To enable HTTPS for your custom domain, you need to add an Secure Sockets Layer (SSL) certificate from a certificate authority (CA). You can also use these steps to update a certificate that has expired. Learn more in Generating a CSR for a custom domain.

About this task

  • Do not use a self-signed certificate or a certificate signed by a CA that is internal to your own organization. Certificates must be signed by a globally trusted CA.

  • Minimum encryption of RSA-2048 or ECDSA-256 is required.

  • The certificate must be valid.

  • You can use wildcard and Subject Alternative Name (SAN) certificates, but they must match the domain name.

  • When reimporting a certificate, the key type and size cannot be changed.

Steps

  1. Go to Settings → Domains.

  2. Click Add an SSL certificate.

  3. Enter the following information:

    • Private key. A PEM-encoded unencrypted private key that matches the certificate’s public key.

    • Certificate. A PEM-encoded certificate to import.

    • Intermediate certificates. A PEM-encoded certificate chain. Do not include the end-entity certificate.

  4. Click Save.