If the current signing certificate for your identity provider (IdP) is nearing expiration, you can replace it with a new certificate.
If you want to create a new signing certificate to use for your IdP, see Create a signing certificate.
You can update a signing certificate for the following IdPs:
- PingFederate
- Microsoft AD FS
- a custom SAML provider
If the certificate in question is the PingOne for Enterprise universal certificate, you do not need to update this certificate if you're using any other identity repository.
If your connection from PingFederate to PingOne for Enterprise is a managed connection, you must manually upload the new signing certificate to PingFederate Bridge. This is only needed if PingOne for Enterprise is signing the AuthnRequest to PingFederate. For more information, see Importing a certificate and its private key in the PingFederate documentation.