Updating a verification certificate
In the event that a verification certificate expires or is about to expire, you must update it.
You can update:
-
An application verification certificate using SAML 2.0 or later
-
A verification certificate associated with an identity provider (IdP)
-
Application Certificate
-
IdP Certificate
Updating an application verification certificate
About this task
When a verification certificate expires or is about to expire, generally you must upload a new verification certificate.
Steps
-
In the PingOne for Enterprise admin portal, go to Setup → Certificates.
-
Expand the relevant certificate and click the Usage tab.
-
Click the application for which you need to update the verification certificate.
Result:
The Replace Primary Certificate popup window opens, prompting you to upload the new verification certificate.
If the certificate is used as a secondary verification certificate, the popup window is called Replace Secondary Certificate.
-
Click Choose File and browse to the location of the new verification certificate.
Result:
A message is displayed to indicate the certificate has been successfully updated for the application.
Updating an identity repository verification certificate
About this task
You can update a verification certificate for a PingFederate Bridge manual connection, Microsoft Active Directory Federation Services (AD FS), or a custom SAML identity repository. If a verification certificate expires or is about to expire, you must obtain an updated certificate from the identity repository.
If a secondary certificate is defined and you have not yet received an updated primary verification certificate, PingOne for Enterprise can validate a signature using the secondary certificate.
In most cases, you must replace the primary verification certificate with the secondary verification certificate. Do this when your single sign-on (SSO) partner confirms they are no longer signing messages with the certificate previously assigned as the primary verification certificate.
Steps
-
In the PingOne for Enterprise admin portal, go to Setup → Certificates.
-
Expand the relevant certificate and click the Usage tab.
-
Click the identity repository for which you need to update the verification certificate.
Result:
The Replace Primary Certificate popup window opens, prompting you to upload the new verification certificate.
If the certificate is used as a secondary verification certificate, the popup window is called Replace Secondary Certificate.
-
Click Choose File and go to the location of the new verification certificate.
Result:
A message opens to indicate the certificate has been successfully updated for the identity repository.
Result
The identity repository is updated with the new verification certificates.