The PingFederate administrative console provides a suite of configuration wizards for administrators to manage keys and certificates. Tasks include:

  • Managing trusted certificate authorities (CAs)
  • Managing server certificates for the administrative port and runtime ports
  • Managing client certificates for mutual TLS authentication
  • Managing signing and decryption keys and certificates
  • Managing OAuth and OpenID Connect keys
  • Managing certificates from partners
  • Configuring certificate revocation settings
  • Managing partner metadata URLs
  • Rotating system keys

You can configure PingFederate to use a hardware security module (HSM) for cryptographic material storage and operations. Standards such as the Federal Information Processing Standard (FIPS) 140-2 require the storage and processing of all keys and certificates on a certified cryptographic module.


Management of keys and certificates is restricted to administrative users with the Crypto Admin administrative role (see Administrative accounts).

See subsequent topics for configuration steps.