PingOne Advanced Services

Creating and updating virtual hosts

You and your administrators can create and update virtual host certificates and TLS configurations yourselves using the administrative API. Learn more about using the API in Using the PingOne Advanced Services administrative API.

Virtual host configurations are automatically replicated to child regions in PingOne Advanced Services for the following applications:

  • PingFederate

  • PingFederate Admin API

  • PingAccess

  • PingAccess Admin API

  • PingAccess Agents

  • PingDirectory

  • Delegated Admin

Supported functions include:

  • Create/List/Update/Delete configurations

    With the CREATE certificates route, the certificate and key must be formatted into a single line with line-break characters.

    Linux/Unix:

    awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "cert_or_pkey.pem" | pbcopy

    Windows PowerShell or PowerShell Core:

    (Get-Content -Raw -Path "cert_or_pkey.pem") -replace "`r?`n", '\n' | Set-Clipboard

    The GET certificates route does not return the certificate’s fullchain and private key. It is up to the user to keep track of that information.

    Also note that after you create or update a configuration, it will take some time for the virtual host to become available.

  • Rollback configurations

    Configurations can only be rolled back once. Then the configuration needs to be updated again at least once before rollback will succeed again.

    Rollback routes also support an optional dry_run query parameter. Setting it to true in a request gets the expected version after rollback, but does not do the rollback.

Limitations include:

  • You cannot currently create or update the following items yourself. Submit a service request instead.

    • MTLS configurations

    • Configurations that need custom annotations, such as “cors-all-origin”

    • Private Ingress configurations

    • EC or ECC TLS certificates

  • You cannot currently create or update PingFederate Admin UI or the PingAccess Admin UI in PingOne Advanced Services.