Importing certificates and their private keys - PingFederate - 11.2

PingFederate Server

bundle
pingfederate-112
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.2
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-112
pingfederate
ContentType_ce
Guide
Guide > Administrator Guide
Product documentation

You can import certificates and their private keys in the SSL Client Keys & Certificates window.

This task describes how to import certificates and their private keys. Supported certificate and private key formats differ depending on whether you are running PingFederate with BCFIPS enabled or disabled.
  • Certificate and private key format:
    • In non-BCFIPS mode, we support PKCS12 and PEM formatted certificates and private keys, and automatically detect the format between PKCS12 and PEM.
    • In BCFIPS mode, we only support PEM formatted certificate and private keys. Only PBES2 and AES or Triple DES encryption is accepted and 128-bit salt is required. In practice, this may mean that only PEM files generated by PingFederate can be imported.
    • For PEM, the private key must precede the certificates.
  • Password requirement:
    • In BCFIPS mode, the password must contain at least 14 characters.
  1. On the SSL Client Keys & Certificates window, click Import.
  2. On the Import Certificate tab, choose the applicable certificate file and enter its password.
    Note:

    If PingFederate is integrated with an HSM in hybrid mode, select the storage facility of the certificate from the Cryptographic Provider list.

    • Select HSM to store the certificate in the HSM.
    • Select Local Trust Store to store the certificate in the local trust store managed by PingFederate.
  3. On the Summary window, review your configuration, amend as needed, and click Done.