The certificate must be valid when you add it to PingOne. You cannot add a certificate before its validity period begins (the certificate’s NotBefore date) or after it expires (the certificate’s NotAfter date). The private key must be unencrypted. You cannot upload a private key that is protected by a password or passphrase. The certificate, private key, and certificate chain must all be PEM-encoded unless uploading a pkcs12 file format.
  1. Go to Settings > Certificates and Key Pairs.
  2. Click + Add and then click Create key pair.
  3. Enter the following information:
    Common name The server name that is covered by the certificate. It is typically made up of the domain name, such as Do not use special characters (?, $, % and so on), IP addresses, port numbers, or http:// or https:// in the common name.
    Usage type Certificates can be used for signing and verification, encryption, SSL, issuance, or outbound mTLS. Select the primary usage for this certificate.
    Organization The corporation, university, or government agency that is covered by the certificate. Use the legal name under which your organization is registered. Do not abbreviate or use any of these symbols: ! @ # $ % ^ * ( ) ~ ? > < / \.
    Organization unit A division within the primary organization, such as Engineering or Human Resources. If your organization is doing business as a trade name, you can specify the trade or DBA name in this field.

    The city in which the organization is located. Do not use abbreviations. For example, spell Saint Louis rather than St. Louis.

    State The state or province in which the organization is located.

    The two-character ISO 3166-1 country code. For example, US for the United States.

    Validity days

    The number of days the key is valid, with a maximum of 730 days.

    Key algorithm The public key algorith with which to generate the public-provate key pair. Choose RSA (Rivest Shamir Adleman) or EC (Eliptic Curve).
    Key size bits The number of bits in the key's algorithm. The available values depend on the selected key algorithm.
    Signature algorithm The cryptographic algorithm used by the certification authority to sign the certificate. The available values depend on the selected key algorithm.
  4. Click Save and Finish.