PingOne for Enterprise

Updating a signing certificate for an identity repository

If the current signing certificate for your identity provider (IdP) is nearing expiration, you can replace it with a new certificate.

Before you begin

If you want to create a new signing certificate to use for your IdP, see Create a signing certificate.

About this task

You can update a signing certificate for the following IdPs:

  • PingFederate

  • Microsoft AD FS

  • a custom SAML provider

If the certificate in question is the PingOne for Enterprise universal certificate and you're using any other identity repository, you do not need to update this certificate.

If your connection from PingFederate to PingOne for Enterprise is a managed connection, you must manually upload the new signing certificate to PingFederate Bridge. This is only needed if PingOne for Enterprise is signing the AuthnRequest to PingFederate. For more information, see Importing a certificate and its private key in the PingFederate documentation.

Steps

  1. In the PingOne for Enterprise admin console, go to Setup → Certificates.

  2. In the list of certificates, expand the certificate you want to replace.

  3. Click Usage, and then click the name of the IdP.

    Result:

    The Certificate Update dialog appears.

  4. In the Select a Signing Certificate list, select a new certificate to use for the IdP connection.

  5. Click Save.

    Result:

    The Certificates Successfully Updated dialog confirms that the certificate renewal was successful.

  6. Click Okay.