You can import certificates and their private keys in the SSL Server Certificates window.
- Certificate and private key format:
  - In non-BCFIPS mode, we support PKCS12 and PEM-formatted certificates and private keys, and automatically detect which of the two formats is in use.
  - In BCFIPS mode, we only support PEM-formatted certificates and private keys. Only PBES2 and AES or Triple DES encryption is accepted, and a 128-bit salt is required. In practice, this may mean that only PEM files generated by PingFederate can be imported.
  - For PEM, the private key must precede the certificates.
- Password requirement:
  - In BCFIPS mode, the password must contain at least 14 characters.
- On the SSL Server Certificates window, click Import.
- On the Import Certificate window, choose the applicable certificate file and enter its password.
If PingFederate is integrated with a hardware security module (HSM) from Thales, you cannot use an elliptic curve (EC) certificate as an SSL server certificate. You must select a certificate that uses the RSA key algorithm.
- If PingFederate is integrated with an HSM in hybrid mode, select the storage facility of the certificate from the Cryptographic
  - Select HSM to store the certificate in the HSM.
  - Select Local Trust Store to store the certificate in the local trust store managed by PingFederate.
- On the Summary window, review your configuration, amend as needed, and click Save.
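
The PEM rules listed at the top of this page can be checked before the file reaches the Import window; the following is an added example, not PingFederate code, that tests key-before-certificate order and, for BCFIPS mode, password length, PBES2 with AES or Triple DES, and a 16-byte salt. It assumes the key is a PKCS#8 `ENCRYPTED PRIVATE KEY` block whose PBES2 key derivation is PBKDF2 and reads "128-bit salt" as that PBKDF2 salt; `check_pem`, `pbes2_params` and `tlv` are names chosen here, and PKCS12 input is not handled.

```python
# Added example: encodes this page's stated rules, not PingFederate's own validator.
import base64, re
PBES2 = bytes.fromhex("2a864886f70d01050d")       # OID 1.2.840.113549.1.5.13
AES_ARC = bytes.fromhex("6086480165030401")       # OID arc 2.16.840.1.101.3.4.1 (AES)
DES_EDE3_CBC = bytes.fromhex("2a864886f70d0307")  # OID 1.2.840.113549.3.7
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def pbes2_params(der):
    """Return (scheme_oid, cipher_oid, salt_len) of a PKCS#8 EncryptedPrivateKeyInfo."""
    _, s, _ = tlv(der, 0)                # EncryptedPrivateKeyInfo SEQUENCE
    _, s, _ = tlv(der, s)                # encryptionAlgorithm SEQUENCE
    _, a, b = tlv(der, s)                # encryption scheme OID
    if der[a:b] != PBES2:
        return der[a:b], b"", 0
    _, s, _ = tlv(der, b)                # PBES2-params SEQUENCE
    _, k, kdf_end = tlv(der, s)          # keyDerivationFunc SEQUENCE
    _, p, _ = tlv(der, tlv(der, k)[2])   # skip KDF OID, enter PBKDF2-params
    tag, s0, s1 = tlv(der, p)            # salt (OCTET STRING, tag 0x04)
    _, e, _ = tlv(der, kdf_end)          # encryptionScheme SEQUENCE
    _, a, b = tlv(der, e)                # cipher OID
    return PBES2, der[a:b], (s1 - s0 if tag == 0x04 else 0)

def check_pem(text, password, fips=False):
    """Return a list of problems; an empty list means the stated rules are met."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    problems = []
    if not blocks or not blocks[0][0].endswith("PRIVATE KEY"):
        problems.append("private key must precede the certificates")
    if not fips:
        return problems
    if len(password) < 14:
        problems.append("BCFIPS password must contain at least 14 characters")
    key = next((body for label, body in blocks if label == "ENCRYPTED PRIVATE KEY"), None)
    if key is None:
        return problems + ["BCFIPS import needs a PKCS#8 ENCRYPTED PRIVATE KEY block"]
    scheme, cipher, salt_len = pbes2_params(base64.b64decode(key))
    if scheme != PBES2 or not (cipher.startswith(AES_ARC) or cipher == DES_EDE3_CBC):
        problems.append("key encryption must be PBES2 with AES or Triple DES")
    elif salt_len != 16:
        problems.append("PBES2 salt must be 128 bits (16 bytes)")
    return problems
```

Call `check_pem(open(path).read(), password, fips=True)` on the file you intend to import; each returned string names one rule from the list above that the file or password does not meet.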