You can import your federation partner's CA certificate or self-signed certificates into PingFederate's global trust list on the Security > Trusted CAs screen. If the certificate authority (CA) is not one of the major authorities, you may also need to import the certificate from the CA that signed the partner certificate.

Note:

If a required CA certificate is already available from the Java runtime, it is not necessary to import the same certificate into the PingFederate store.

Importing a certificate

  1. On the Trusted CAs screen, click Import.
  2. On the Import Certificate screen, choose the applicable certificate file.

    If PingFederate is integrated with an HSM from Thales in hybrid mode, select the storage facility of the certificate from the Cryptographic Provider list.

    • Select HSM to store the certificate in the HSM.
    • Select Local Trust Store to store the certificate in the local trust store managed by PingFederate.
  3. On the Summary screen, review your configuration, amend as needed, and click Save.

Exporting a certificate

  1. On the Trusted CAs screen, select Export under Action for the certificate.
  2. On the Export Certificate screen, click Next.
  3. On the Export & Summary screen, click Export to save the certificate file and then click Done.

Reviewing a certificate

  1. On the Trusted CAs screen, select the certificate by its serial number.
  2. Review the selected certificate in the pop-up window.

    When finished, close the pop-up window.

Removing a certificate

  1. On the Trusted CAs screen, select Delete under Action for the certificate.

    To cancel the removal request, select Undelete under Action for the certificate.

  2. Click Save to confirm your action.