--- title: Importing a key pair description: Learn how to import a key pair in PingOne. component: pingone page_id: pingone:settings:p1_import_cert_and_key_pair canonical_url: https://docs.pingidentity.com/pingone/settings/p1_import_cert_and_key_pair.html revdate: November 9, 2023 keywords: ["import key pair", "certificate management", "key pair management", "import certificate", "import private key"] section_ids: steps: Steps --- # Importing a key pair Use the **Certificates and Key Pairs** page to import a key pair for your environment. Use the **Import Key Pair** option when your use case requires cryptographic material signed or provided by an external source. This is common for scenarios such as SSL/TLS, which requires a certificate signed by a trusted Certificate Authority, or Windows passwordless authentication, which requires a key pair supplied by an Entra tenant. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you only need to quickly generate a self-signed key for standard single sign-on (SSO) needs like SAML or OAuth, and your organization doesn't require an external authority, learn more in [Creating a key pair](p1_adding_a_key_pair.html). | ## Steps 1. In the PingOne admin console, go to **Settings > Certificates and Key Pairs**. 2. On the **Key Pairs** tab, click the **Plus** icon ([icon: plus, set=fa]). ![A screenshot of the view of the certificates page.](_images/p1-cert-keypairs-page-keypair-tab.png) 3. Select **Import Key Pair**. 4. Click **Select a file** and upload the appropriate file from your local file system. 5. In the **Usage Type** list, select the applicable option: | Option | Description | | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Signing - Verification** | Used to create and validate digital signatures. Enables the certificate to sign tokens or data so that other systems can verify the signature to ensure authenticity and integrity. | | **Encryption – Decryption** | Used to securely protect sensitive data. Allows the certificate to encrypt information so only the holder of the matching private key can decrypt it. | | **SSL/TLS** | Used to secure network connections. Supports encrypted HTTPS communication, ensuring secure connections between clients and servers. | | **Issuance** | Used by certificate authorities (CAs) to sign and issue other certificates. Typically selected when the certificate will be used to generate subordinate or leaf certificates within a trust hierarchy. | 6. If you're importing a password protected PKCS12 keystore file, enter the **Password** for the file. 7. Click **Save**.