Configure a trusted certificate using components of PingDirectory such as the config directory and the dsconfig utility.
To configure a trusted certificate in PingDirectory, you must replace the default self-signed certificate in the keystore with the trusted certificate. You must ensure that the referenced certificate files are in PEM certificate format.
On the PingDirectory server in the installed
directory, execute the following command.
bin/manage-certificates change-certificate-alias \ > --keystore config/keystore \ > --keystore-password-file config/keystore.pin \ > --current-alias server-cert \ > --new-alias server-cert-prev # Initializing the server's encryption framework... Successfully changed the alias from 'server-cert' to 'server-cert-prev'.
Import the new trusted certificate to the keystore with the server-cert
bin/manage-certificates import-certificate \ > --keystore config/keystore \ > --keystore-password-file config/keystore.pin \ > --alias server-cert \ > --private-key-file demo.ping-eng.key \ > --certificate-file demo.ping-eng.pem \ > --certificate-file intermediate.crt # Initializing the server's encryption framework... The following certificate chain will be imported into the keystore, along with a private key, into alias 'server-cert': < Certificate Displayed Here > Do you want to import this certificate chain into the keystore? yes Successfully imported the certificate chain and its associated private key.