Updating a PingOne for Enterprise verification certificate on an unmanaged PingFederate identity bridge - PingFederate

Updating a PingOne for Enterprise verification certificate on an unmanaged PingFederate identity bridge - PingFederate - PingOne for Enterprise

How-to Guides

bundle

solution-guides

ft:publication_title

How-to Guides

Product_Version_ce

category

ContentType

howtodoc

ContentType_ce

How-to

Page created: 15 Jun 2021 |

Page updated: 16 Feb 2022

| 2 min read

Content Type How-to PingFederate Product PingOne for Enterprise

If you use an unmanaged manual PingFederate connection as the identity provider (IdP) for PingOne for Enterprise, and your certificate is about to expire, you must update your signing certificate in PingFederate and your verification certificate in PingOne for Enterprise.

Components

PingOne for Enterprise
PingFederate 10.2

In PingFederate, go to Applications > SP Connections and check whether your PingFederate connection is unmanaged. If your connection to PingOne for Enterprise is unmanaged, it's labeled SAML 2.0.

Note:

Unmanaged PingFederate connections are a legacy function. You can no longer create an unmanaged manual connection to PingFederate.

If you try to update an identity repository verification certificate for an unmanaged connection, PingOne for Enterprise generates a new activation key for use in creating a new managed connection to PingFederate. Because your user data and PingOne for Enterprise functionality depends on the settings in the existing connection, avoid creating a new connection.

In PingFederate, go to Security > Signing & Decryption Keys & Certificates.
Click Create New.
Enter values for the following required fields:
1. In the Common Name field, enter a name for the certificate.
2. In the Organization field, enter the name of your organization.
3. In the Country field, enter the country.
For more information about the certificate creation form, see Creating new certificates in the PingFederate documentation.
Click Next.
Review the certificate values. Click Save.
In the row for the certificate that you created, in the Select Action list, click Export.
Click Certificate Only and click Next.
Click Export and save the certificate.
In PingFederate, go to Setup > Certificates.
Expand the certificate currently being used for the PingFederate connection.

Tip:
To show just the verification certificates, select Verification Certificates in the filter list at the top of the page.
On the Usage tab, click PingFederate and upload the new certificate.
In PingFederate, go to Applications > SP Connections
Click the PingOne connection.
Go to Credentials > Configure Credentials > Digital Signature Settings, and in the Signing Certificate list, select the certificate that you created.
Click Save.