Note: You cannot use signing certificates with non-multiplexed SAML applications because the signing certificate is specified when the connection to the application is created.
To create a new signing certificate, specify the certificate settings and the certificate key settings. You can also use the signing certificate to create a certificate signing request (CSR).
Note: Security is a function of the combination of algorithm and key size. A larger key size provides higher security but may take longer to sign messages.
  1. In the PingOne admin portal, click Setup > Certificates.
  2. Click +Certificate to add a new signing certificate.
    Required fields are highlighted.
  3. In the Certificate Settings section, enter the certificate information:
    • Common name. The common name (CN) identifying the certificate.
    • Organization. The organization (O) or company name creating the certificate.
    • Organizational Unit. The specific unit within the organization (OU).
    • City. The city or other primary location (L) where your organization operates.
    • State. The state (ST) or other political unit encompassing the location.
    • Country. The two letter ISO code for the country where your organization is located (such as, US, GB).
    • Select Make certificate default to make this the default certificate for new application connections.
  4. Specify the certificate key settings:
    • Validity (days). The number of days until the certificate expires (defaults to 365).
    • Key Algorithm. The algorithm used to generate a key (RSA or ECC). Defaults to RSA.
    • Key Size (bits). The number of bits used in the key (defaults to 2048).
    • Signature Algorithm. The algorithm used to generate a signature (defaults to RSA SHA256).
  5. Click Save.
    The certificate appears in the certificates list.