Creating and updating virtual hosts
You and your administrators can create and update virtual host certificates and TLS configurations yourselves using the administrative API. Learn more about using the API in Using the PingOne Advanced Services administrative API.
Virtual host configurations are automatically replicated to child regions in PingOne Advanced Services for the following applications:
-
PingFederate
-
PingFederate Admin API
-
PingAccess
-
PingAccess Admin API
-
PingAccess Agents
-
PingDirectory
-
Delegated Admin
Supported functions include:
-
Create/List/Update/Delete configurations
With the CREATE certificates route, the certificate and key must be formatted into a single line with line-break characters.
Linux/Unix:
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "cert_or_pkey.pem" | pbcopy
Windows PowerShell or PowerShell Core:
(Get-Content -Raw -Path "cert_or_pkey.pem") -replace "`r?`n", '\n' | Set-Clipboard
The GET certificates route does not return the certificate’s fullchain and private key. It is up to the user to keep track of that information. Also note that after you create or update a configuration, it will take some time for the virtual host to become available.
-
Rollback configurations
Configurations can only be rolled back once. Then the configuration needs to be updated again at least once before rollback will succeed again. Rollback routes also support an optional
dry_run
query parameter. Setting it totrue
in a request gets the expected version after rollback, but does not do the rollback.
Limitations include:
-
You cannot currently create or update the following items yourself. Submit a service request instead.
-
MTLS configurations
-
Configurations that need custom annotations, such as “cors-all-origin”
-
Private Ingress configurations
-
EC or ECC TLS certificates
-
-
You cannot currently create or update PingFederate Admin UI or the PingAccess Admin UI in PingOne Advanced Services.