--- title: Create a signing certificate description: To create a new signing certificate, you specify the certificate settings and the certificate key settings. component: pingoneforenterprise page_id: pingoneforenterprise:pingone_for_enterprise:p14e_create_signing_certificate canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise/p14e_create_signing_certificate.html revdate: December 13, 2021 section_ids: about-this-task: About this task steps: Steps result: Result: --- # Create a signing certificate To create a new signing certificate, you specify the certificate settings and the certificate key settings. ## About this task You can also use the signing certificate to create a CSR. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------- | | | Security is a function of the combination of algorithm and key size. A larger key size provides higher security but may take longer to sign messages. | ## Steps 1. In the PingOne for Enterprise admin portal, go to **Setup > Certificates**. 2. Click **+Add > Create Certificate**. 3. Under the **Certificate Settings** tab, enter the certificate information: * **Common name**. The common name (CN) identifying the certificate. * **Organization**. The organization (O) or company name creating the certificate. * **Organizational Unit**. The specific unit within the organization (OU). * **City**. The city or other primary location (L) where your organization operates. * **State**. The state (ST) or other political unit encompassing the location. * **Country**. The two-letter ISO code for the country where your organization is located (such as US, GB, CA). * Select **Make certificate default** to make this the default certificate for new application connections. 4. Specify the certificate key settings: * **Validity (Days)**. The number of days until the certificate expires (defaults to 365). * **Key Algorithm**. The algorithm used to generate a key (RSA or ECC). Defaults to RSA. * **Key Size (Bits)**. The number of bits used in the key. Defaults to 2048. * **Signature Algorithm**. The algorithm used to generate a signature. Defaults to RSA SHA256. 5. Click **Save**. ### Result: The certificate appears in the certificate list.