1. On the agent web server, update the agent.properties file to add the new CA certificate.
    1. Concatenate the old and new CA certificates in PEM encoding format into a new file.
    2. Encode the contents of the file to Base64.
    3. Open the agent.properties file and set the value of the agent.engine.configuration.bootstrap.truststore line to the encoded content.
      agent.engine.configuration.bootstrap.truststore=<Encoded_content>
  2. Restart the agent web server.
  3. Update the PingAccess configuration to use a new server certificate signed by the new CA for the agent HTTPS listener.
    1. Identify a key pair to use. If necessary, create a new key pair.

      Learn more in Generating new key pairs.

    2. Generate a CSR for that key pair.
    3. Submit that CSR to the new CA to get a new signed certificate.
    4. Import the CSR response (the new certificate) into PingAccess.

      Learn more in Importing certificates.

    5. Assign the key pair to the agent HTTPS listener.