Creating and updating virtual hosts

You and your administrators can create and update virtual host certificates and TLS configurations yourselves using the administrative API. Learn more about using the API in Using the PingOne Advanced Services administrative API.

Virtual host configurations are automatically replicated to child regions in PingOne Advanced Services for the following applications:

PingFederate
PingFederate Admin API
PingAccess
PingAccess Admin API
PingAccess Agents
PingDirectory
Delegated Admin

Supported functions include:

Create/List/Update/Delete configurations

With the CREATE certificates route, the certificate and key must be formatted into a single line with line-break characters.

Linux/Unix:

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "cert_or_pkey.pem" | pbcopy

Windows PowerShell or PowerShell Core:

(Get-Content -Raw -Path "cert_or_pkey.pem") -replace "`r?`n", '\n' | Set-Clipboard

The GET certificates route does not return the certificate’s fullchain and private key. It is up to the user to keep track of that information.

Also note that after you create or update a configuration, it will take some time for the virtual host to become available.

Rollback configurations

Configurations can only be rolled back once. Then the configuration needs to be updated again at least once before rollback will succeed again.

Rollback routes also support an optional dry_run query parameter. Setting it to true in a request gets the expected version after rollback, but does not do the rollback.

Limitations include:

You cannot currently create or update the following items yourself. Submit a service request instead.
- MTLS configurations.
- Configurations that need custom annotations, such as annotations of Cross-Origin Resource Sharing (CORS) responses.
- Private Ingress configurations.
- EC or ECC TLS certificates.
You cannot currently create or update PingFederate Admin UI or the PingAccess Admin UI in PingOne Advanced Services.