PingCentral

Configuring MTLS

To use mutual TLS (MTLS) for Admin API authentication, import a client TLS key pair. If you’re running PingCentral in FIPS-compliant mode, you’ll import a .pem file, as .p12 files are not allowed.

Steps

  1. Select the Security tab, expand the menu, and select Client TLS Key Pair.

  2. Click Import Key Pair.

  3. On the Import Key Pair page, click Choose PKCS12 or PEM File and select the .p12 or .pem file to upload it.

  4. In the File Password field, enter the password to the key store file.

    If you’re running PingCentral in FIPS-compliant mode, your password must be at least 14 characters long, and the RSA key must be at least 2048 bits.

  5. In the Alias field, specify the alias of the certificate in the key store file that you want to use, if required.

  6. In the Key Password field, enter the password for the selected certificate if the PKCS12 file requires a separate password for the key.

  7. Click Import.