Importing an existing certificate and key pair - PingIntelligence for APIs

Importing an existing certificate and key pair - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

To install an existing certificate, complete the following steps and import the certificate into ASE. If you have intermediate certificate from a CA, then append the content to your server .crt file.

Create the key from the existing .pem file:

openssl rsa -in private.pem -out private.key

Convert the existing .pem file to a .crt file:

openssl x509 -in server-cert.pem -out server-cert.crt

Import the key pair from step 2:

/opt/pingidentity/ase/bin/cli.sh import_key_pair private.key -u admin -p
Warning: import_key_pair will overwrite any existing certificates
Do you want to proceed [y/n]:y
Exporting key to API Security Enforcer...
OK, key pair added to keystore

Import the .crt file in ASE using the import_cert CLI command:

/opt/pingidentity/ase/bin/cli.sh import_cert server-crt.crt -u admin -p
Warning: import_cert will overwrite any existing signed certificate
Do you want to proceed [y/n]:y
Exporting certificate to API Security Enforcer...
OK, signed certificate added to keystore

Restart ASE by stopping and starting.