Generate a key pair and self-signed certificate, import a key pair from a PKCS#12 or PEM-encoded file, or delete a configured key pair.
PEM-encoded key pair files use the following format for the key and certificates:
-----BEGIN ENCRYPTED PRIVATE KEY-----
<Base64–encoded private key>
(Private Key: <domain_name.key>)
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<Base64–encoded certificate>
(Primary SSL certificate: <domain_name.crt>)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Base64–encoded certificate>
(Intermediate certificate: <Intermediate.crt>)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Base64–encoded certificate>
(Root certificate: <Root.crt>)
-----END CERTIFICATE-----
Importing existing key pairs
Note:
If PingAccess is running in Federal Information Processing Standards (FIPS) mode, you can only import or export PEM-encoded key pairs. For more information, see Managing Federal Information Processing Standards (FIPS) mode.
To import a key pair from a PKCS#12 or PEM-encoded file:
Generating new key pairs
To generate a key pair and self-signed certificate:
- Click Security and then go to .
- Click + Add Key Pair.
- In the Alias field, enter an internal alias for the key pair.
- In the Common Name field, enter the common name identifying the certificate.
- Optional: If the key pair is going to be used for incoming requests on multiple hosts or multiple IP addresses, enter additional Subject Alternative Names to meet those requirements.
- In the Organization field, enter the organization or company name of the group creating the certificate.
- Optional: In the Organization Unit field, enter the unit within the organization.
- Optional: In the City field, enter the city or primary location where the organization operates.
- Optional: In the State field, enter the state or political unit where the organization operates.
- In the Country field, enter the country where the organization operates.
- In the Valid Days field, enter the number of days that the certificate is valid.
- Optional: In the Selected HSM list, select a hardware security module to store the key pair in.
-
In the Key Algorithm section, select an algorithm:
- In the Key Size list, select the number of bits in the key.
- In the Signature Algorithm list, select the signature algorithm to use for the key.
- Click Save.
Deleting key pairs
Note:
If a key pair is currently in use, you cannot delete it.
- Click Security and then go to .
- Click to expand the key pair that you want to delete.
- Click the Delete icon.
- To confirm your changes, click Delete.