The imported certificate file must meet the following criteria:

  • The certificate file must be a PKCS12 file in .p12 or .pfx format
  • The certificate must have a key length of 2048 bits or greater
  • The certificate must be encrypted using SHA-256 or better
  • The certificate must not be expired

PingOne SSO for SaaS Apps can't accept certificate files created with OpenSSL 3.0.1. Use OpenSSL 1.1.1 or LibreSSL 2.8.3 instead.

  1. Go to Setup > Certificates.
  2. Click Add > Import KeyPair/Cert.
  3. In the Password field, enter the password used to protect the PKCS12 file.
  4. Optional: Select the Make certificate default check box to make this the default signing certificate.
  5. Drag and drop, or click Select a file and choose a key store file to import.
  6. Click Upload.