PingAccess provides an interface for creating and managing key pairs, which are required for secure HTTPS communication.
A key pair includes a private key and an X.509 certificate. The certificate includes a public key and the metadata about the owner of the private key.
The user interface displays a list of existing key pairs. You can search for key pairs using the Search bar or filter the list using the Filters list.
PingAccess listens for client requests on the administrative console port and on the PingAccess engine port. To enable these ports for HTTPS, the first time you start up PingAccess, it generates and assigns a key pair for each port.
Additionally, key pairs are used by the mutual TLS site authenticator to authenticate PingAccess to a target site. When initiating communication, PingAccess presents the client certificate from a key pair to the site during the mutual TLS transaction. The site must be able to trust this certificate in order for authentication to succeed.
Ensure that the administrative console node and engines in a cluster have the same cryptographic configuration. For example, if you generate an elliptic curve key pair on the administrative console and the engines in the cluster are not configured to support elliptic curve key pairs, then the engines are not able to use that key pair for the engine HTTPS listeners or as the key pair in a mutual TLS site authenticator. Cryptographic configuration differences are often caused by having a Java cryptographic extension with limited strength providers installed. For more information, see Oracle Java documentation.