PingFederate automatically rotates the signing certificate used by the managed SP connection to PingOne for Enterprise.


A managed SP connection to PingOne for Enterprise is a connection created either as part of the initial setup or the System > External Systems > Connect to PingOne for Enterprise configuration wizard in PingFederate 8.0 or later.

The certificate rotation settings are as follows.

Field Values
Creation Buffer (days) 90
Activation Buffer (days) 30
Validity (days) 1095
Key Algorithm RSA
Key Size 2048
Signature Algorithm RSA SHA256

If the signing certificate should be manually rotated instead, disable automatic certificate rotation. See Managing certificate rotation settings.


After making changes, the administrative console prompts for confirmation whether to update PingOne for Enterprise or to disconnect from PingOne for Enterprise in a banner message. See Managing PingOne for Enterprise settings.