PingOne

Managing certificate and key pair expiration

PingOne auto-generates new cryptographic keys every 90 days, exceeding best practices. To maintain uninterrupted service for your single sign-on (SSO) and encrypted applications, you must proactively manage the lifecycle of your certificates and key pairs. If these assets expire, authentication requests might fail, and secure connections will be dropped.

Steps

If a certificate or key pair has already expired, or is nearing its expiration date, perform the following steps:

  1. In the PingOne admin console, go to Settings > Certificates and Key Pairs.

  2. Click the Certificates or Key Pairs tab to identify any items marked as expired.

  3. Create or import a new key pair:

    • Create a key pair: If your organization allows self-signed keys, generate a new one directly in PingOne.

    • Import a key pair: If you require a Trusted CA-signed certificate, import the new files provided by your authority.

  4. If the expired key pair was the default key pair for your environment, designate your new key as the default.

  5. Ensure any applications are updated with the new public certificate.

Setting up expiration alerts

You can configure PingOne to automatically notify your team before a certificate or key pair expires.

Steps

  1. In the PingOne admin console, go to Monitoring > Alerts.

  2. Click the icon and configure the following:

    • Name: A unique name for the alert.

    • Email Addresses: The addresses to which the alert will be sent. You can specify individual email addresses or mailing lists.

  3. Alert Types: Select the event types that will trigger the alert:

    • Certificate Expiring: Provides an alert when a certificate will expire in 60 days.

    • Certificate Expired: Provides an alert when a certificate expires.

    • KeyPair Expiring: Provides an alert when a certificate will expire in 60 days.

    • KeyPair Expired: Provides an alert when a key pair expires.

  4. Click Save.
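The replacement procedure ends with updating applications, and the alerts above use a 60-day lead time. The following script is an added example, not part of the PingOne documentation or product: it checks whether the certificate an application still trusts matches the new one and classifies its expiry with the same 60-day window. It assumes the openssl CLI is installed; all file names and function names are hypothetical, and the sample certificates are constructed.

```bash
#!/bin/sh
# Added example (not PingOne code). Requires the openssl CLI.
WINDOW_DAYS=60   # same lead time as the "Expiring" alert types on this page

# fingerprint <cert.pem>: SHA-256 fingerprint of the certificate
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# expiry_state <cert.pem>: prints expired | expiring | ok | unreadable
expiry_state() {
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 1; }
  if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
    echo expired
  elif ! openssl x509 -in "$1" -noout -checkend $((WINDOW_DAYS * 86400)) >/dev/null; then
    echo expiring
  else
    echo ok
  fi
}

# audit_app_cert <cert the application trusts> <new certificate>
# prints "<current|stale> <expiry state of the cert the application trusts>"
audit_app_cert() {
  if [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]; then
    echo "current $(expiry_state "$1")"
  else
    echo "stale $(expiry_state "$1")"
  fi
}

# make_test_cert <out.pem> <days>: constructed self-signed sample certificate
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=constructed-sample" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on constructed certificates: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  make_test_cert "$tmp/app-trusted.pem" 30    # old cert, inside the 60-day window
  make_test_cert "$tmp/new-default.pem" 365   # replacement cert
  audit_app_cert "$tmp/app-trusted.pem" "$tmp/new-default.pem"
  audit_app_cert "$tmp/new-default.pem" "$tmp/new-default.pem"
  rm -rf "$tmp"
fi
```

A result beginning with `stale` means the application has not yet been given the new public certificate.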