PingFederate automatically rotates the signing certificate used by the managed SP connection to PingOne for Enterprise.


A managed SP connection to PingOne for Enterprise is a connection created as part of the initial setup or the System > Connect to PingOne for Enterprise configuration wizard in PingFederate 8.0 (or a more recent release).

The certificate rotation settings are as follow:

Field Values
Creation Buffer (days) 90
Activation Buffer (days) 30
Validity (days) 1095
Key Algorithm RSA
Key Size 2048
Signature Algorithm RSA SHA256

If the signing certificate should be manually rotated instead, disable automatic certificate rotation.


After making changes, the administrative console prompts for confirmation whether to update PingOne for Enterprise or to disconnect from PingOne for Enterprise in a banner message (see Managing PingOne for Enterprise settings).