This task describes how to import certificates and their private keys. Supported certificate and private key formats differ depending on whether you are running PingFederate with BCFIPS enabled or disabled.
  • Certificate and private key format:
    • In non-BCFIPS mode, we support PKCS12- and PEM-formatted certificates and private keys, and automatically detect which of the two formats a file uses.
    • In BCFIPS mode, we only support PEM-formatted certificates and private keys. Only PBES2 with AES or Triple DES encryption is accepted, and a 128-bit salt is required. In practice, this may mean that only PEM files generated by PingFederate can be imported.
    • For PEM, the private key must precede the certificates.
  • Password requirement:
    • In BCFIPS mode, the password must contain at least 14 characters.
  1. On the Signing & Decryption Keys & Certificates window, click Import.
  2. On the Import Certificate tab, choose the applicable certificate file and enter its password.
    Note: If PingFederate is integrated with an HSM in hybrid mode, select the storage facility of the certificate from the Cryptographic Provider list.
    • Select HSM to store the certificate in the HSM.
    • Select Local Trust Store to store the certificate in the local trust store managed by PingFederate.
  3. On the Summary window, review your configuration, amend as needed, and click Done.
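
The format and password rules listed before step 1 can be checked on a PEM bundle ahead of the import. The following Python check is an added example, not PingFederate code: `preflight` and `children` are hypothetical names, and it covers PEM input only. It assumes that a PBES2-protected key appears as a PKCS#8 `ENCRYPTED PRIVATE KEY` block and that "AES" means any OID under the NIST AES arc.

```python
# Added example, not PingFederate's validator; function names are hypothetical.
# Assumptions: PBES2 keys are PKCS#8 "ENCRYPTED PRIVATE KEY" blocks; "AES" = NIST AES arc.
import base64, re

PBES2 = bytes.fromhex("2a864886f70d01050d")          # OID 1.2.840.113549.1.5.13
AES_ARC = bytes.fromhex("6086480165030401")          # OID 2.16.840.1.101.3.4.1.*
DES_EDE3_CBC = bytes.fromhex("2a864886f70d0307")     # OID 1.2.840.113549.3.7
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def children(buf):
    """Split DER bytes into a list of (tag, value) for each TLV they contain."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                            # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def preflight(pem_text, password, fips=True):
    """Return a list of problems; an empty list means these checks passed."""
    blocks = PEM_RE.findall(pem_text)
    labels, problems = [label for label, _ in blocks], []
    if not labels or not labels[0].endswith("PRIVATE KEY"):
        problems.append("private key must precede the certificates")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate block found")
    if not fips:                                     # remaining rules are BCFIPS-only
        return problems
    if len(password) < 14:
        problems.append("password has fewer than 14 characters")
    if labels[:1] != ["ENCRYPTED PRIVATE KEY"]:
        return problems + ["first block is not an encrypted PKCS#8 key"]
    try:
        der = base64.b64decode("".join(blocks[0][1].split()))
        alg = children(children(children(der)[0][1])[0][1])   # AlgorithmIdentifier
        if alg[0][1] != PBES2:
            return problems + ["key encryption scheme is not PBES2"]
        kdf, enc = (children(v) for _, v in children(alg[1][1]))
        salt, cipher = children(kdf[1][1])[0][1], enc[0][1]
    except (IndexError, ValueError):
        return problems + ["could not parse EncryptedPrivateKeyInfo"]
    if len(salt) != 16:
        problems.append(f"salt is {len(salt) * 8} bits, 128 required")
    if not (cipher.startswith(AES_ARC) or cipher == DES_EDE3_CBC):
        problems.append("cipher is neither AES nor Triple DES")
    return problems
```

Call `preflight(pem_text, password)` with the bundle's contents and the password you intend to enter in step 2; pass `fips=False` to check only the ordering rule that applies in non-BCFIPS mode.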