1. On the agent web server, update the agent.properties file to add the new CA certificate.
    1. Concatenate the old and new CA certificates in PEM encoding format into a new file.
    2. Encode the contents of the file to Base64.
    3. Open the agent.properties file and set the value of the agent.engine.configuration.bootstrap.truststore line to the encoded content.
      agent.engine.configuration.bootstrap.truststore=<Encoded_content>=
  2. Restart the agent web server.
  3. Update the PingAccess configuration to use a new server certificate signed by the new CA for the agent HTTPS listener.
    1. Identify a key pair to use. If necessary, create a new key pair.

      For more information, see Generating new key pairs.

    2. Generate a CSR for that key pair.

      For more information, see Generating certificate signing requests.

    3. Submit that CSR to the new CA to get a new signed certificate.
    4. Import the CSR response (the new certificate) into PingAccess.

      For more information, see Importing certificates.

    5. Assign the key pair to the agent HTTPS listener.

      For more information, see Assigning key pairs to HTTPS listeners.