---
title: Create a signing certificate
description: You can create signing certificates for use with multiplexed SAML applications or with manually configured customer IdP connections.
component: pingoneforenterprise
page_id: pingoneforenterprise:pingone_sso_for_saas_apps:p14saas_create_signing_certificate
canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_sso_for_saas_apps/p14saas_create_signing_certificate.html
revdate: December 23, 2021
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  result-2: Result:
---

# Create a signing certificate

You can create signing certificates for use with multiplexed SAML applications or with manually configured customer IdP connections.

## About this task

|   |                                                                                                                                                                            |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | You cannot use signing certificates with non-multiplexed SAML applications because the signing certificate is specified when the connection to the application is created. |

To create a new signing certificate, specify the certificate settings and the certificate key settings. You can also use the signing certificate to create a certificate signing request (CSR).

|   |                                                                                                                                                       |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Security is a function of the combination of algorithm and key size. A larger key size provides higher security but may take longer to sign messages. |

## Steps

1. In the PingOne admin portal, click **Setup > Certificates**.

2. Click **+Certificate** to add a new signing certificate.

   ### Result:

   Required fields are highlighted.

3. In the Certificate Settings section, enter the certificate information:

   * **Common name**. The common name (CN) identifying the certificate.

   * **Organization**. The organization (O) or company name creating the certificate.

   * **Organizational Unit**. The specific unit within the organization (OU).

   * **City**. The city or other primary location (L) where your organization operates.

   * **State**. The state (ST) or other political unit encompassing the location.

   * **Country**. The two letter ISO code for the country where your organization is located (such as, US, GB).

   * Select **Make certificate default** to make this the default certificate for new application connections.

4. Specify the certificate key settings:

   * **Validity** (days). The number of days until the certificate expires (defaults to 365).

   * **Key Algorithm**. The algorithm used to generate a key (RSA or ECC). Defaults to RSA.

   * **Key Size** (bits). The number of bits used in the key (defaults to 2048).

   * **Signature Algorithm**. The algorithm used to generate a signature (defaults to RSA SHA256).

5. Click **Save**.

   ### Result:

   The certificate appears in the certificates list.