PingOne for Enterprise

Overview of signing and verification certificates

PingOne uses signing certificates to sign SSO messages sent from PingOne. Signing certificates created in PingOne are self-signed by default. You can also create a Certificate Signing Request (CSR) in PingOne and send it to a Certificate Authority (CA) for signing.

The PingOne universal certificate is a special case, and is used for both signing and encryption purposes.

PingOne uses verification certificates to verify the signature on SSO messages received by PingOne. Your SSO partner provides you with a primary and (optionally) a secondary verification certificate. The secondary verification certificate allows for seamless rollover of signature verification if your SSO partner switches certificates. PingOne first attempts to validate a signature using the primary verification certificate. If that verification fails, PingOne then attempts to use the secondary verification certificate, if one is defined.
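The primary-then-secondary order described above, as an added example in Node.js (not PingOne's code). It assumes RSA key pairs standing in for the public keys in the partner's verification certificates and a raw byte message in place of an XML-signed SAML document; `verifyWithRollover` and `demo` are hypothetical names.

```javascript
// Added illustration; not PingOne code. Key pairs stand in for the public keys
// carried in the partner's X.509 verification certificates (assumption), and the
// message is raw bytes rather than an XML-DSig-signed SAML document.
const crypto = require("node:crypto");

// Try the primary key first, then the secondary if one is defined.
// Returns the slot that validated the signature, or null if none did.
function verifyWithRollover(message, signature, primaryKey, secondaryKey) {
  const slots = [["primary", primaryKey], ["secondary", secondaryKey]];
  for (const [slot, key] of slots) {
    if (!key) continue; // the secondary certificate is optional
    if (crypto.verify("sha256", message, key, signature)) return slot;
  }
  return null;
}

// Constructed sample data: the partner's current and next signing keys.
const newKeyPair = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const current = newKeyPair();
const next = newKeyPair();
const message = Buffer.from("<Response ID='constructed-sample'/>");
const altered = Buffer.from("<Response ID='constructed-altered'/>");

const sigCurrent = crypto.sign("sha256", message, current.privateKey);
const sigNext = crypto.sign("sha256", message, next.privateKey);

function demo() {
  return {
    // Partner still signs with the current key: primary validates.
    beforeRollover: verifyWithRollover(message, sigCurrent, current.publicKey, next.publicKey),
    // Partner has switched keys: primary fails, secondary validates.
    afterRollover: verifyWithRollover(message, sigNext, current.publicKey, next.publicKey),
    // Same switch with no secondary defined: the message is rejected.
    noSecondary: verifyWithRollover(message, sigNext, current.publicKey, undefined),
    // Content changed after signing: neither certificate validates it.
    tampered: verifyWithRollover(altered, sigNext, current.publicKey, next.publicKey),
  };
}

console.log(demo());
```

Returning the slot name rather than a boolean lets a caller log when the secondary starts matching, which indicates the partner has switched certificates.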

Verification certificates are not supported for applications using SAML v1.1.