Updating an identity repository verification certificate
About this task
You can update a verification certificate for a PingFederate Bridge manual connection, Microsoft Active Directory Federation Services (AD FS), or a custom SAML identity repository. If a verification certificate expires or is about to expire, you must obtain an updated certificate from the identity repository.
If a secondary certificate is defined and you have not yet received an updated primary verification certificate, PingOne for Enterprise can validate a signature using the secondary certificate.
In most cases, you must replace the primary verification certificate with the secondary verification certificate. Do this when your single sign-on (SSO) partner confirms they are no longer signing messages with the certificate previously assigned as the primary verification certificate.
Steps
-
In the PingOne for Enterprise admin portal, go to Setup > Certificates.
-
Expand the relevant certificate and click the Usage tab.
-
Click the identity repository for which you need to update the verification certificate.
Result:
The Replace Primary Certificate popup window opens, prompting you to upload the new verification certificate.
If the certificate is used as a secondary verification certificate, the popup window is called Replace Secondary Certificate.
-
Click Choose File and go to the location of the new verification certificate.
Result:
A message opens to indicate the certificate has been successfully updated for the identity repository.
Result
The identity repository is updated with the new verification certificates.