---
title: Designating default keys
description: Learn how to designate default signing and encryption keys in PingOne to ensure secure communication and token integrity.
component: pingone
page_id: pingone:settings:p1_designate_default_keys
canonical_url: https://docs.pingidentity.com/pingone/settings/p1_designate_default_keys.html
revdate: November 9, 2023
keywords: ["default keys", "designate default keys", "signing key", "encryption key", "certificate management"]
section_ids:
  steps: Steps
  result: Result
---

# Designating default keys

When you create an environment, PingOne includes a default signing key and default encryption key. You can designate different keys as the default signing key and default encryption key if needed. For example, if an existing key expires, you can designate a different key as default.

## Steps

1. In the PingOne admin console, go to **Settings > Certificates and Key Pairs**.

2. On the **Key Pairs** tab, browse or search for the key pair you want to set as the default.

   ![A screenshot of the view of the certificates page.](_images/p1-cert-keypairs-page-keypair-tab.png)

3. Click the key pair to open the details panel.

4. Do one of the following:

   * For a signing key, click **Make Default Signing Key**. In the confirmation message, click **Continue**.

   * For an encryption key, click **Make Default Encryption Key**. In the confirmation message, click **Continue**.

     |   |                                              |
     | - | -------------------------------------------- |
     |   | You can't set an expired key as the default. |

## Result

The default key is indicated with a **Default** label.