Configuring a trusted certificate in PingDirectory - PingDirectory - PingFederate


Configure a trusted certificate using components of PingDirectory such as the config directory and the dsconfig utility.

To configure a trusted certificate in PingDirectory, you must replace the default self-signed certificate in the keystore with the trusted certificate. You must ensure that the referenced certificate files are in PEM certificate format.

  1. On the PingDirectory server, from the server's installation directory, run the following command to rename the existing server-cert alias to server-cert-prev.
    bin/manage-certificates change-certificate-alias \
    > --keystore config/keystore \
    > --keystore-password-file config/keystore.pin \
    > --current-alias server-cert \
    > --new-alias server-cert-prev
    # Initializing the server's encryption framework...
    Successfully changed the alias from 'server-cert' to 'server-cert-prev'.
  2. Import the new trusted certificate to the keystore with the server-cert alias.
    bin/manage-certificates import-certificate \
    > --keystore config/keystore \
    > --keystore-password-file config/keystore.pin \
    > --alias server-cert \
    > --private-key-file demo.ping-eng.key \
    > --certificate-file demo.ping-eng.pem \
    > --certificate-file intermediate.crt
    # Initializing the server's encryption framework...
    
    The following certificate chain will be imported into the keystore, along with
    a private key, into alias 'server-cert':
    
    < Certificate Displayed Here >
    
    Do you want to import this certificate chain into the keystore? yes
    Successfully imported the certificate chain and its associated private key.
The trusted certificate is installed for use by the PingDirectory LDAPS Listener. IdentityIQ can now connect to PingDirectory over LDAPS.
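
A pre-flight check for the three files passed to import-certificate in step 2, covering the PEM requirement stated above. This is an added example, not part of the original Ping Identity documentation. It assumes the OpenSSL command-line tool is installed and the private key is unencrypted, and the function names are hypothetical.

```sh
#!/bin/sh
# Pre-flight checks for the files given to manage-certificates import-certificate.
# Added example: function names are hypothetical; requires the openssl CLI.

# Succeeds if FILE holds a PEM-encoded X.509 certificate that openssl can parse.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# Succeeds if private key KEY and certificate CERT carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds if LEAF is currently valid and was signed by ISSUER.
# -partial_chain lets the intermediate act as trust anchor, so no root is needed.
issued_by() {
    openssl verify -partial_chain -trusted "$2" "$1" >/dev/null 2>&1
}

# Runs every check and prints the first failure, or "ok" if all pass.
preflight() {
    key=$1 leaf=$2 issuer=$3
    is_pem_cert "$leaf"   || { echo "not a PEM certificate: $leaf"; return 1; }
    is_pem_cert "$issuer" || { echo "not a PEM certificate: $issuer"; return 1; }
    key_matches_cert "$key" "$leaf" || { echo "key does not match $leaf"; return 1; }
    issued_by "$leaf" "$issuer" || { echo "$leaf not issued by $issuer"; return 1; }
    echo "ok"
}

# Example call with the file names from step 2:
#   preflight demo.ping-eng.key demo.ping-eng.pem intermediate.crt
```

A failure here means the import in step 2 would place a certificate in the keystore that LDAPS clients cannot validate, so correct the files before renaming the existing alias.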