PingOne Advanced Services

Creating and updating virtual hosts

You and your administrators can create and update virtual host certificates and TLS configurations yourselves using the administrative API. Learn more about using the API in Using the PingOne Advanced Services administrative API.

Platform version 2.0.0, released in December 2024, contained enhancements that made this functionality possible. If you’ve upgraded to version 2.0.0 or later, and you want to update certificates and configurations that were created when you were using an earlier platform version, we’ll need to migrate them from GitOps orchestration to the API.

A Ping Identity representative will reach out to you regarding this migration, but if you have an immediate need to update the certificates or configurations, submit a service request to have the migration done sooner.

Virtual host configurations are automatically replicated to child regions in PingOne Advanced Services for the following applications:

  • PingFederate

  • PingFederate Admin API

  • PingAccess

  • PingAccess Admin API

  • PingAccess Agents

  • PingDirectory

  • Delegated Admin

Supported functions include:

  • Create/List/Update/Delete configurations

    With the CREATE certificates route, the certificate and key must be formatted into a single line with line-break characters.

    Linux/Unix:

    awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "cert_or_pkey.pem" | pbcopy

    Windows PowerShell or PowerShell Core:

    (Get-Content -Raw -Path "cert_or_pkey.pem") -replace "`r?`n", '\n' | Set-Clipboard
    The GET certificates route does not return the certificate’s fullchain and private key. It is up to the user to keep track of that information.

    Also note that after you create or update a configuration, it will take some time for the virtual host to become available.

  • Rollback configurations

    Configurations can only be rolled back once. Then the configuration needs to be updated again at least once before rollback will succeed again.

    Rollback routes also support an optional dry_run query parameter. Setting it to true in a request gets the expected version after rollback, but does not do the rollback.

Limitations include:

  • You cannot currently create or update the following items yourself. Submit a service request instead.

    • MTLS configurations.

    • Configurations that need custom annotations, such as annotations of Cross-Origin Resource Sharing (CORS) responses.

    • Private Ingress configurations.

    • EC or ECC TLS certificates.

  • You cannot currently create or update PingFederate Admin UI or the PingAccess Admin UI in PingOne Advanced Services.