PingCentral

Replacing the Admin Console SSL Certificate

To avoid seeing a certificate warning when you access PingCentral, replace the user-facing SSL certificate so it will no longer use the self-signed certificate.

About this task

Import your proprietary certificate into PingCentral by uploading the .p12 or .pem file that contains it. If you’re running PingCentral in FIPS-compliant mode, you’ll import a .pem file, as .p12 files are not allowed.

Steps

  1. Select the Security tab, expand the menu, and select Server TLS Key Pair.

    Result:

    The Server TLS Key Pair page displays information about the key pair, including its status and expiration date.

  2. To import a new key pair, click Import Key Pair.

  3. On the Import Key Pair page, click Choose PKCS12 or PEM File and select the .p12 or .pem file to upload.

  4. In the File Password field, enter the password to the key store file.

    If you’re running PingCentral in FIPS-compliant mode, your password must be at least 14 characters long, and the RSA key must be at least 2048 bits.

  5. In the Alias field, specify the alias of the certificate in the key store file that you want to use for the Admin Console SSL Certificate, if required.

    • If the .p12 file being imported for the TLS key pair contains a single alias, PingCentral accepts the file without requiring an alias.

    • If the .p12 file being imported for TLS key pair contains multiple aliases, PingCentral requires the alias.

  6. In the Key Password field, enter the password for the selected certificate if the PKCS12 file requires a separate password for the key.

  7. Click Import.

  8. Restart PingCentral.

    Result:

    After PingCentral restarts, you can access PingCentral without receiving a certificate warning.