Updating a verification certificate - PingOne for Enterprise

PingOne for Enterprise
bundle
pingoneforenterprise
ft:publication_title
PingOne for Enterprise
Product_Version_ce
PingOne for Enterprise
category
Product
pingone
ContentType_ce

In the event that a verification certificate expires or is about to expire, you must update it.

You can update:

  • An application verification certificate using SAML 2.0 or later
  • A verification certificate associated with an identity provider (IdP)

Updating an application verification certificate

When a verification certificate expires or is about to expire, generally you must upload a new verification certificate.

  1. In the PingOne for Enterprise admin portal, go to Setup > Certificates.
  2. Expand the relevant certificate and click the Usage tab.
  3. Click the application for which you need to update the verification certificate.

    The Replace Primary Certificate popup window opens, prompting you to upload the new verification certificate.

    Note:

    If the certificate is used as a secondary verification certificate, the popup window is called Replace Secondary Certificate.

  4. Click Choose File and browse to the location of the new verification certificate.

    A message is displayed to indicate the certificate has been successfully updated for the application.

Updating an identity repository verification certificate

You can update a verification certificate for a PingFederate Bridge manual connection, Microsoft Active Directory Federation Services (AD FS), or a custom SAML identity repository. If a verification certificate expires or is about to expire, you must obtain an updated certificate from the identity repository.

If a secondary certificate is defined and you have not yet received an updated primary verification certificate, PingOne for Enterprise can validate a signature using the secondary certificate.

In most cases, you must replace the primary verification certificate with the secondary verification certificate. Do this when your single sign-on (SSO) partner confirms they are no longer signing messages with the certificate previously assigned as the primary verification certificate.

  1. In the PingOne for Enterprise admin portal, go to Setup > Certificates.
  2. Expand the relevant certificate and click the Usage tab.
  3. Click the identity repository for which you need to update the verification certificate.

    The Replace Primary Certificate popup window opens, prompting you to upload the new verification certificate.

    Note:

    If the certificate is used as a secondary verification certificate, the popup window is called Replace Secondary Certificate.

  4. Click Choose File and go to the location of the new verification certificate.

    A message opens to indicate the certificate has been successfully updated for the identity repository.

The identity repository is updated with the new verification certificates.