You manage certificate rotation settings for self-signed certificates in the Security > Signing & Decryption Keys & Certificates screen.

  1. On the Certificate Management screen, select Certificate Rotation under Action for the applicable certificate.
    Note:

    Certificate rotation is only available to self-signed certificates.

  2. On the Enable Certificate Rotation screen, select the check box to turn on certificate rotation for the selected certificate.
    If you want to turn off certificate rotation for the selected certificate, clear the check box and then click Save.
  3. Optional: On the Certificate Rotation screen, modify the default values.
    Field Description
    Creation buffer The number of days ahead of expiry that PingFederate creates a new key pair and a new certificate.

    The default value is 25% of the original lifetime of the current certificate.

    Activation buffer The number of days ahead of expiry that PingFederate activates the certificate.

    The default value is 10% of the original lifetime of the current certificate.

    Validity The time during which the certificate is valid.

    The default value matches that of the current certificate.

    Key Algorithm A cryptographic formula used to generate a key. PingFederate uses either of two algorithms, RSA or EC.

    The default value matches that of the current certificate.

    Important:

    For XML decryption keys, PingFederate supports the RSA key algorithm only. When EC (elliptic curve) is selected as the Key Algorithm value on the Certificate Rotation screen, PingFederate does not update the SAML 2.0 connections and their metadata.

    Key Size The number of bits used in the key. (RSA-1024, 2048 and 4096; and EC-256, 384 and 521.)

    The default value matches that of the current certificate.

    Signature Algorithm The signing algorithm of the certificate. (RSA-SHA256, SHA384 and SHA512; and ECDSA-SHA256, SHA384 and SHA512.)

    The default value matches that of the current certificate.

  4. On the Certificate Rotation Summary screen, review the rotation settings. Adjust as needed or click Save to turn on automatic certificate rotation for this certificate.