If the current signing certificate for your identity provider (IdP) is nearing expiration, you can replace it with a new certificate.
If you want to create a new signing certificate to use for your IdP, see Create a signing certificate.
You can update a signing certificate for the following IdPs:
- Microsoft AD FS
- a custom SAML provider
If the certificate in question is the PingOne for Enterprise universal certificate, you do not need to update this certificate if you're using any other identity repository.
If your connection from PingFederate to PingOne for Enterprise is a managed connection, you must manually upload the new signing certificate to PingFederate Bridge. This is only needed if PingOne for Enterprise is signing the AuthnRequest to PingFederate. For more information, see Importing a certificate and its private key in the PingFederate documentation.
- In the PingOne for Enterprise admin console, go to .
- In the list of certificates, expand the certificate you want to expand.
and then click the name of the IdP.
The Certificate Update dialog appears.
- In the Select a Signing Certificate list, select a new certificate to use for the IdP connection.
The Certificates Successfully Updated dialog confirms that the certificate renewal was successful.
- Click Okay.