Updating a signing certificate for an identity repository - PingOne for Enterprise

PingOne for Enterprise

If the current signing certificate for your identity provider (IdP) is nearing expiration, you can replace it with a new certificate. An IdP is a service that manages identity information and provides authentication services to relying clients or service providers (SPs) within a federated or distributed network.

If you want to create a new signing certificate to use for your IdP, see Create a signing certificate.

You can update a signing certificate for the following IdPs:

  • PingFederate
  • Microsoft AD FS
  • a custom SAML provider

If the certificate in question is the PingOne for Enterprise universal certificate, you do not need to update this certificate if you're using any other identity repository.


If your connection from PingFederate to PingOne for Enterprise is a managed connection, you must manually upload the new signing certificate to PingFederate Bridge. This is only needed if PingOne for Enterprise is signing the AuthnRequest to PingFederate. For more information, see Importing a certificate and its private key in the PingFederate documentation.

  1. In the PingOne for Enterprise admin console, go to Setup > Certificates.
  2. In the list of certificates, expand the certificate you want to replace.
  3. Click Usage, and then click the name of the IdP.

    The Certificate Update dialog appears.

  4. In the Select a Signing Certificate list, select a new certificate to use for the IdP connection.
  5. Click Save.

    The Certificates Successfully Updated dialog confirms that the certificate renewal was successful.

  6. Click Okay.
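
After the update, one way to confirm which signing certificate a captured SAML message (for example, a signed AuthnRequest) actually carries is to compare the embedded certificate's SHA-256 fingerprint against the old and new certificates. This is an added example, not Ping Identity code: it assumes the message embeds the certificate in ds:KeyInfo (optional in XML Signature), and the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def embedded_cert_fingerprints(saml_xml: str) -> list:
    """Fingerprints of every ds:X509Certificate carried in a SAML message."""
    # A SAML message never needs a DTD; refusing one up front avoids
    # entity-expansion problems when parsing untrusted XML.
    if "<!DOCTYPE" in saml_xml or "<!ENTITY" in saml_xml:
        raise ValueError("DTD not allowed in SAML message")
    prints = []
    for node in ET.fromstring(saml_xml).iter(f"{{{DS_NS}}}X509Certificate"):
        # The base64 text is often wrapped across lines; drop all whitespace.
        b64 = "".join((node.text or "").split())
        prints.append(fingerprint(base64.b64decode(b64, validate=True)))
    return prints

def rotation_status(saml_xml: str, old_fp: str, new_fp: str) -> str:
    """Classify which signing certificate a captured message presents."""
    # This only identifies the certificate; it does not validate the
    # signature, and an embedded certificate is never a trust anchor.
    found = set(embedded_cert_fingerprints(saml_xml))
    if not found:
        return "no-embedded-cert"
    if found == {new_fp}:
        return "rotated"
    return "still-old" if old_fp in found else "unexpected-cert"

# Constructed sample data: these bytes stand in for DER certificates.
OLD_DER = b"constructed-old-certificate-bytes"
NEW_DER = b"constructed-new-certificate-bytes"

def sample_request(der: bytes) -> str:
    """Build a constructed AuthnRequest that embeds `der` in ds:KeyInfo."""
    b64 = base64.b64encode(der).decode()
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:ds="{DS_NS}" ID="_constructed1" Version="2.0">'
        "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
        f"\n{b64[:20]}\n{b64[20:]}\n"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
        "</samlp:AuthnRequest>"
    )
```

A result of "still-old" or "unexpected-cert" after the change means the sending side is not yet using the certificate you selected.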