This task describes how to export certificates and their private keys. Supported certificate and private key formats differ depending on whether you are running PingFederate with BCFIPS enabled or disabled.
  • Certificate and private key format:
    • In non-BCFIPS mode, when the Certificate and Private Key option is selected, a Format field displays allowing you to choose between exporting a PKCS12 or a PEM formatted certificate and private key.
    • In BCFIPS mode, you can only export PEM-formatted certificates and private keys.

      If you need to convert from PEM to PKCS12 format, use the following command:

      openssl pkcs12 -export -inkey keypair.pem -in keypair.pem -out keypair.p12

  • Password requirement:
    • In BCFIPS mode, the password must contain at least 14 characters.
  1. On the SSL Client Keys & Certificates window, select Export for the certificate.
  2. On the Export Certificate tab, select the export type.
    • Select Certificate Only to export the selected certificate without its private key. This is the default choice.
    • Select Certificate and Private Key to export the selected certificate with its private key. If you are not running in BCFIPS mode, the Format section appears, and you must select either PKCS12 or PEM.

      You must also enter and confirm an Encryption Password, since this export contains the private key of the certificate.

      If the selected certificate is stored in a hardware security module (HSM), the Certificate and Private Key option does not apply.

  3. On the Export & Summary window, click Export to save the certificate file, and then click Done.