---
title: Importing a certificate and key pair
description: Add an imported key pair and certificate to use as a signing certificate for PingOne SSO for SaaS Apps.
component: pingoneforenterprise
page_id: pingoneforenterprise:pingone_sso_for_saas_apps:p14saas_importing_certificate_key_pair
canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_sso_for_saas_apps/p14saas_importing_certificate_key_pair.html
revdate: April 13, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Importing a certificate and key pair

Add an imported key pair and certificate to use as a signing certificate for PingOne SSO for SaaS Apps.

## About this task

The imported certificate file must meet the following criteria:

* The certificate file must be a PKCS12 file in `.p12` or `.pfx` format

* The certificate must have a key length of 2048 bits or greater

* The certificate must be encrypted using SHA-256 or better

* The certificate must not be expired

|   |                                                                                                                                   |
| - | --------------------------------------------------------------------------------------------------------------------------------- |
|   | PingOne SSO for SaaS Apps can't accept certificate files created with OpenSSL 3.0.1. Use OpenSSL 1.1.1 or LibreSSL 2.8.3 instead. |

## Steps

1. Go to **Setup > Certificates**.

2. Click **Add > Import KeyPair/Cert**.

3. In the **Password** field, enter the password used to protect the PKCS12 file.

4. **Optional:** Select the **Make certificate default** checkbox to make this the default signing certificate.

5. Drag and drop, or click **Select a file** and choose a key store file to import.

6. Click **Upload**.