PingOne for Enterprise

Updating a verification certificate

When a verification certificate has expired or is about to expire, you must update it.

You can update:

  • An application verification certificate using SAML 2.0 or later

  • A verification certificate associated with an identity provider (IdP)

Updating an application verification certificate

About this task

When a verification certificate expires or is about to expire, generally you must upload a new verification certificate.

Steps

  1. In the PingOne for Enterprise admin portal, go to Setup → Certificates.

  2. Expand the relevant certificate and click the Usage tab.

  3. Click the application for which you need to update the verification certificate.

    Result:

    The Replace Primary Certificate popup window opens, prompting you to upload the new verification certificate.

    If the certificate is used as a secondary verification certificate, the popup window is called Replace Secondary Certificate.

  4. Click Choose File and browse to the location of the new verification certificate.

    Result:

    A message is displayed to indicate the certificate has been successfully updated for the application.

Updating an identity repository verification certificate

About this task

You can update a verification certificate for a PingFederate Bridge manual connection, Microsoft Active Directory Federation Services (AD FS), or a custom SAML identity repository. If a verification certificate expires or is about to expire, you must obtain an updated certificate from the identity repository.

If a secondary certificate is defined and you have not yet received an updated primary verification certificate, PingOne for Enterprise can validate a signature using the secondary certificate.

In most cases, you must replace the primary verification certificate with the secondary verification certificate. Do this when your single sign-on (SSO) partner confirms they are no longer signing messages with the certificate previously assigned as the primary verification certificate.

Steps

  1. In the PingOne for Enterprise admin portal, go to Setup → Certificates.

  2. Expand the relevant certificate and click the Usage tab.

  3. Click the identity repository for which you need to update the verification certificate.

    Result:

    The Replace Primary Certificate popup window opens, prompting you to upload the new verification certificate.

    If the certificate is used as a secondary verification certificate, the popup window is called Replace Secondary Certificate.

  4. Click Choose File and go to the location of the new verification certificate.

    Result:

    A message is displayed to indicate the certificate has been successfully updated for the identity repository.

Result

The identity repository is updated with the new verification certificates.
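
Before step 4 of either procedure above, it is worth confirming that the replacement file really is an X.509 certificate, that it will not expire again shortly, and which fingerprint it carries, so the value can be compared with what the SSO partner communicated separately. The following script is an added example, not part of the PingOne for Enterprise documentation; it assumes the OpenSSL command-line tool is installed, and the function names, the 30-day default threshold and the sample certificates (CN=idp.example.test) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-upload check for a replacement verification certificate.

# check_cert PEM_FILE [MIN_DAYS]
#   0 = parses and stays valid for at least MIN_DAYS (default 30)
#   1 = already expired or expires within MIN_DAYS
#   2 = file is not a PEM-encoded X.509 certificate
check_cert() {
    local pem="$1" min_days="${2:-30}"
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "not a PEM X.509 certificate: $pem" >&2
        return 2
    fi
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend "$(( min_days * 86400 ))" >/dev/null; then
        echo "expires within ${min_days} days: $pem" >&2
        return 1
    fi
    # Subject, expiry date and SHA-256 fingerprint, for comparison with the
    # values the SSO partner supplied separately.
    openssl x509 -in "$pem" -noout -subject -enddate -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed certificate valid for DAYS.
make_sample_cert() {
    local out="$1" days="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=idp.example.test" -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$out.key"   # the private key is not needed for this check
}

demo() {
    local dir
    dir="$(mktemp -d)"
    make_sample_cert "$dir/new.pem" 365
    make_sample_cert "$dir/stale.pem" 7
    check_cert "$dir/new.pem" 30   || echo "new.pem rejected"
    check_cert "$dir/stale.pem" 30 || echo "stale.pem rejected (expected: 7 days left)"
    rm -rf "$dir"
}
demo
```

A return code of 1 for the file you are about to upload means the replacement would put you back in the same position within the threshold, so request a fresh certificate before completing step 4.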