- On the SSL Server Certificates screen, click Create new.
On the Create Certificate screen, enter the required
For information about each field, refer to the following table:
Field Description Common Name The common name (CN) identifying the certificate. Subject Alternative Names The additional DNS names or IP addresses that can be associated with the certificate. Organization The organization (O) or company name creating the certificate. Organizational Unit The specific unit within the organization (OU). City The city or other primary location (L) where the company operates. State The state (ST) or other political unit encompassing the location. Country The country (C) where the company is based. Validity (days) The time during which the certificate is valid. Cryptographic Provider The storage facility of the certificate.
Applicable and visible only when PingFederate is integrated with an HSM in hybrid mode.
- Select HSM to store the certificate in the HSM.
- Select Local Trust Store to store the certificate in the local trust store managed by PingFederate.
Key Algorithm A cryptographic formula used to generate a key. PingFederate uses either of two algorithms, RSA or EC. Key Size (bits) The number of bits used in the key. (RSA-1024, 2048 and 4096; and EC-256, 384 and 521.) Signature Algorithm The signing algorithm of the certificate. (RSA-SHA256, SHA384, and SHA512; and ECDSA-SHA256, SHA384, and SHA512.)Note:
When using PingFederate Bridge with the Thales nShield Connect HSM, it is not possible to use an elliptic curve (EC) certificate as an SSL server certificate.
Select RSA and an RSA signing algorithm from the Key Algorithm list and the Signature Algorithm list, respectively.
- When finished, click Next.
- On the Summary screen, review your configuration, amend as needed, click Save to keep your configuration or click Cancel to discard it.
Page created: 19 Nov 2019 |
Page updated: 16 Jul 2020