---
title: Updating a signing certificate for an identity repository
description: If the current signing certificate for your identity provider (IdP) is nearing expiration, you can replace it with a new certificate.
component: pingoneforenterprise
page_id: pingoneforenterprise:pingone_for_enterprise:p14e_update_signing_certificate_idp
canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise/p14e_update_signing_certificate_idp.html
revdate: July 13, 2023
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  result: Result:
  result-2: Result:
---

# Updating a signing certificate for an identity repository

If the current signing certificate for your identity provider (IdP) *(tooltip: \<div class="paragraph">
\<p>A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\</p>
\</div>)* is nearing expiration, you can replace it with a new certificate.

## Before you begin

If you want to create a new signing certificate to use for your IdP, see [Create a signing certificate](p14e_create_signing_certificate.html).

## About this task

You can update a signing certificate for the following IdPs:

* PingFederate

* Microsoft AD FS

* a custom SAML provider

If the certificate in question is the PingOne for Enterprise universal certificate, you do not need to update this certificate if you're using any other identity repository.

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | If your connection from PingFederate to PingOne for Enterprise is a managed connection, you must manually upload the new signing certificate to PingFederate Bridge. This is only needed if PingOne for Enterprise is signing the AuthnRequest to PingFederate. For more information, see [Importing a certificate and its private key](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_certmanagementtasklet_sslservercerts_certmanagementstate.html) in the PingFederate documentation. |

## Steps

1. In the PingOne for Enterprise admin console, go to **Setup > Certificates**.

2. In the list of certificates, expand the certificate you want to expand.

3. Click **Usage**, and then click the name of the IdP.

   ### Result:

   The **Certificate Update** dialog appears.

4. In the **Select a Signing Certificate** list, select a new certificate to use for the IdP connection.

5. Click **Save**.

   ### Result:

   The **Certificates Successfully Updated** dialog confirms that the certificate renewal was successful.

6. Click **Okay**.