The PingFederate administrative console provides a suite of configuration wizards for administrators to manage keys and certificates for various purposes. Tasks include:
- Manage trusted certificate authorities (CAs)
- Manage server certificates for the administrative port and runtime ports
- Manage client certificates for mutual TLS authentication
- Manage signing and decryption keys and certificates
- Manage OAuth and OpenID Connect keys
- Manage certificates from partners
- Configure certificate revocation settings
- Manage partner metadata URLs
- Rotate system keys

For optimal security, PingFederate can be configured to use a hardware security module (HSM) for cryptographic material storage and operations. Standards such as the Federal Information Processing Standard (FIPS) 140-2 require the storage and processing of all keys and certificates on a certified cryptographic module.
Management of keys and certificates is restricted to administrative users with the Crypto Admin administrative role (see Administrative accounts).
Refer to subsequent topics for configuration steps.