PingFederate Server

Link and store CloudHSM keys

You can link private keys stored in Amazon Web Services (AWS) CloudHSM with their certificates in PingFederate’s Java keystore.

This allows you to use existing private key and certificate pairs associated with your CloudHSM instance in PingFederate.

You can use this feature to store:

  • Signing key pairs

  • Server key pairs

  • Client key pairs

Steps

  1. Go to Security > Certificate & Key Management > Signing & Decryption Keys & Certificates.

  2. Click Link. This opens the Link Certificate tab.

    The Link button only displays when you run PingFederate in CloudHSM mode.

  3. In the Private Key ID field, paste the private key ID.

    To get this value, use the CloudHSM CLI and run the key list command. The Private Key ID is the label value for the key you want to use.

  4. Click Choose File to upload the certificate file.

  5. Click Next.

  6. On the Summary tab, click Save.
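The value for step 3 comes from the CloudHSM CLI rather than from PingFederate, and a mistyped or ambiguous label is the usual reason a link attempt fails. The helper below is an added example, not part of the Ping Identity documentation or product: it parses the JSON printed by `cloudhsm-cli key list --verbose` (the output shape with `data.matched_keys[].attributes` is assumed from the CloudHSM CLI, and the sample output embedded here is constructed), keeps only private keys, and refuses to return a label that is missing or shared by more than one private key, because PingFederate identifies the key by label, not by key reference. The `run_key_list` function shells out to the real CLI and assumes the default install path and an already logged-in CLI session.

```python
"""Pick the CloudHSM private-key label to paste into PingFederate's Private Key ID field.

Added example: parses the JSON that `cloudhsm-cli key list --verbose` prints
(assumed shape: {"error_code": 0, "data": {"matched_keys": [{"key-reference": ...,
"attributes": {...}}]}}), keeps only private keys, and flags labels that are
shared by more than one private key, since the label is what PingFederate uses
as the Private Key ID.
"""
import json
import subprocess

# Constructed sample output standing in for a real `key list --verbose` run.
SAMPLE_KEY_LIST_OUTPUT = json.dumps({
    "error_code": 0,
    "data": {
        "matched_keys": [
            {"key-reference": "0x0000000000280001",
             "attributes": {"label": "pf-signing-2024", "class": "private-key",
                            "key-type": "rsa", "modulus-size-bits": 2048}},
            # Public half of the same pair: same label, different class.
            {"key-reference": "0x0000000000280002",
             "attributes": {"label": "pf-signing-2024", "class": "public-key",
                            "key-type": "rsa", "modulus-size-bits": 2048}},
            # Two private keys that share a label: ambiguous for PingFederate.
            {"key-reference": "0x0000000000280003",
             "attributes": {"label": "pf-tls-server", "class": "private-key",
                            "key-type": "ec", "curve": "prime256v1"}},
            {"key-reference": "0x0000000000280004",
             "attributes": {"label": "pf-tls-server", "class": "private-key",
                            "key-type": "rsa", "modulus-size-bits": 3072}},
        ],
        "total_key_count": 4,
        "returned_key_count": 4,
    },
})


def run_key_list(cli_path="/opt/cloudhsm/bin/cloudhsm-cli"):
    """Run the real CLI (assumed default path; needs a logged-in CLI session) and return stdout."""
    proc = subprocess.run([cli_path, "key", "list", "--verbose"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def private_key_labels(key_list_json):
    """Return {label: [key-reference, ...]} for every private key in the output."""
    doc = json.loads(key_list_json)
    if doc.get("error_code", 0) != 0:
        raise RuntimeError(f"cloudhsm-cli reported error_code {doc['error_code']}")
    labels = {}
    for key in doc["data"]["matched_keys"]:
        attrs = key.get("attributes", {})
        if attrs.get("class") != "private-key":
            continue  # public keys and secret keys cannot be linked here
        labels.setdefault(attrs.get("label", ""), []).append(key["key-reference"])
    return labels


def resolve_private_key_id(key_list_json, label):
    """Return the label if exactly one private key carries it, otherwise raise.

    PingFederate takes the label (not the key-reference) as the Private Key ID,
    so a missing or duplicated label should be fixed in the HSM before linking.
    """
    refs = private_key_labels(key_list_json).get(label, [])
    if not refs:
        raise LookupError(f"no private key labelled {label!r}")
    if len(refs) > 1:
        raise LookupError(f"label {label!r} is shared by {len(refs)} private keys: {refs}")
    return label


if __name__ == "__main__":
    # Offline demonstration against the constructed sample; swap in run_key_list() on a host
    # with the CloudHSM CLI installed and a logged-in session.
    for lbl, refs in private_key_labels(SAMPLE_KEY_LIST_OUTPUT).items():
        print(f"{lbl}: {refs}")
    print("Private Key ID to paste:", resolve_private_key_id(SAMPLE_KEY_LIST_OUTPUT, "pf-signing-2024"))
```

Resolving the label before opening the Link Certificate tab means the failure is caught at the HSM where it can be fixed (relabel or delete the stray key) instead of as a generic link error in the PingFederate console.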

Result

The new key and certificate pair appears in the Signing & Decryption Keys & Certificates list.