Exporting certificates - PingFederate - 11.1

PingFederate Server

bundle
pingfederate-111
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.1
category
Administrator
Audience
Capability
DeploymentMethod
Product
SingleSignonSSO
Software
SystemAdministrator
pf-111
pingfederate
ContentType_ce

On the Signing & Decryption Keys & Certificates window, you can export a certificate with or without its private key.

This task describes how to export certificates and their private keys. Supported certificate and private key formats differ depending on whether you are running PingFederate with BCFIPS enabled or disabled.
  • Certificate and private key format:
    • In non-BCFIPS mode, when the Certificate and Private Key option is selected, a Format field displays allowing you to choose between exporting a PKCS12 or a PEM formatted certificate and private key.
    • In BCFIPS mode, you can only export PEM-formatted certificates and private keys.

      If you need to convert from PEM to PKCS12 format, use the following command:

      openssl pkcs12 -export -inkey keypair.pem -in keypair.pem -out keypair.p12

  • Password requirement:
    • In BCFIPS mode, the password must contain at least 14 characters.
  1. On the Signing & Decryption Keys & Certificates window, select Export for the certificate.
  2. On the Export Certificate tab, select the export type.
    • Select Certificate Only to export the selected certificate without its private key. This is the default choice.
    • Select Certificate and Private Key to export the selected certificate with its private key. If you are not running in BCFIPS mode, the Format section appears, and you must select either PKCS12 or PEM.

      You must also enter and confirm an Encryption Password, since this export contains the private key of the certificate.

      If the selected certificate is stored in a hardware security module (HSM), the Certificate and Private Key option does not apply.

  3. On the Export & Summary window, click Export to save the certificate file, and then click Done.