PingFederate administrative users can manage keys and certificates for various purposes.

The PingFederate administrative console provides a suite of configuration wizards for administrators to manage keys and certificates. Tasks include:

- Managing trusted certificate authorities (CAs)
- Managing server certificates for the administrative port and runtime ports
- Managing client certificates for mutual TLS authentication
- Managing signing and decryption keys and certificates
- Managing OAuth and OpenID Connect keys
- Managing certificates from partners
- Configuring certificate revocation settings
- Managing partner metadata URLs
- Rotating system keys

You can configure PingFederate to use a hardware security module (HSM) for cryptographic material storage and operations. Standards such as the Federal Information Processing Standard (FIPS) 140-2 require the storage and processing of all keys and certificates on a certified cryptographic module.

Management of keys and certificates is restricted to administrative users with the Crypto Admin administrative role (see Administrative accounts).

See subsequent topics for configuration steps.