A Microsoft Azure service outage is a reminder that the technologies underlying our infrastructure may have an expiration date. It's important to monitor your server and perform periodic maintenance for best performance.
PingFederate also relies on certificates for security: HTTPS for Identity Provider (IdP) and Service Provider (SP) connections, and possibly LDAPS for connections to your directory services. Certificates are also used to sign assertions and to encrypt data sent in assertions. It is important to keep these certificates up to date so that your federation-enabled single sign-on (SSO) continues to function.
The following articles detail some common problems and their solutions relating to certificates:

New SSL certificate not trusted by Firefox web browser
An expired SSL certificate within PingFederate was replaced with a new one generated and signed by an intermediate Verisign certificate authority. The new certificate was not trusted by Firefox web browsers (Internet Explorer worked, however).

Certificate Error - Unable to import the keys from the selected file
During the process of updating an expired SSL server certificate, a CSR Response was generated by the certificate authority. When attempting to import the CSR Response, the following error message was generated: "I/O Error occurred while importing the file. Unable to import the keys from the selected file. PKCS12 keys are supported."

A newly created/imported Digital Signing Certificate is not available in the drop-down list
When PingFederate is communicating with itself (IdP and SP Connections on the same server, as when using the Salesforce Connector or doing internal SSO), any certificate (public/private key pair) that is created for Digital Signing must also have its public key exported as an X.509 certificate and re-imported as a Signature Verification Certificate for use in the IdP Connection(s).