Use the GET /sp/idpConnections/{{idpId}}/credentials/certs endpoint to retrieve the IdP connection certificates. If the certificate’s activeVerificationCert flag is set to true, it will become the connection’s primary verification certificate.

Parameter | Value | Description |
---|---|---|
idpId | string (required) | ID of IdP Connection to update. |

Code | Reason |
---|---|
200 | Success. |
403 | PingFederate does not have its SP role enabled. Operation not available. |
404 | Resource not found. |

ConnectionCerts
- The certificates used for signature verification and XML encryption.

Property | Type | Description |
---|---|---|
items | array[ConnectionCert] | The actual list of certificates. |

ConnectionCert
- A certificate used for signature verification or XML encryption.

Property | Type | Description |
---|---|---|
activeVerificationCert | boolean | Indicates whether this is an active signature verification certificate. |
certView | CertView | Certificate details. This property is read-only and is always ignored on a POST or PUT. |
encryptionCert | boolean | Indicates whether to use this cert to encrypt outgoing assertions. Only one certificate in the collection can have this flag set. |
primaryVerificationCert | boolean | Indicates whether this is the primary signature verification certificate. Only one certificate in the collection can have this flag set. |
secondaryVerificationCert | boolean | Indicates whether this is the secondary signature verification certificate. Only one certificate in the collection can have this flag set. |
x509File * | X509File | The certificate data. This property must always be supplied on a POST or PUT. |

CertView
- Certificate details.

Property | Type | Description |
---|---|---|
cryptoProvider | CryptoProvider | Cryptographic Provider. This is only applicable if Hybrid HSM mode is true. |
expires | string | The end date up until which the item is valid, in ISO 8601 format (UTC). |
id | string | The persistent, unique ID for the certificate. |
issuerDN | string | The issuer’s distinguished name. |
keyAlgorithm | string | The public key algorithm. |
keySize | integer | The public key size. |
serialNumber | string | The serial number assigned by the CA. |
sha1Fingerprint | string | SHA-1 fingerprint in Hex encoding. |
sha256Fingerprint | string | SHA-256 fingerprint in Hex encoding. |
signatureAlgorithm | string | The signature algorithm. |
status | CertificateValidity | Status of the item. |
subjectAlternativeNames | array[string] | The subject alternative names (SAN). |
subjectDN | string | The subject’s distinguished name. |
validFrom | string | The start date from which the item is valid, in ISO 8601 format (UTC). |
version | integer | The X.509 version to which the item conforms. |

X509File
- Encoded certificate data.

Property | Type | Description |
---|---|---|
cryptoProvider | CryptoProvider | Cryptographic Provider. This is only applicable if Hybrid HSM mode is true. |
fileData * | string | The certificate data in PEM format. New line characters should be omitted or encoded in this value. |
id | string | The persistent, unique ID for the certificate. It can be any combination of [a-z0-9._-]. This property is system-assigned if not specified. |
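
The single-holder constraints on the ConnectionCert flags and the certView fields can be checked automatically against the GET response. The following is an added example, not part of the PingFederate documentation: it audits an already-parsed ConnectionCerts body for duplicated exclusive flags, expired or soon-to-expire certificates, and weak keys or signature algorithms. The sample data, the 30-day warning window, the 2048-bit RSA floor and the algorithm name strings are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Flags the schema allows on only one certificate per collection.
EXCLUSIVE_FLAGS = ("primaryVerificationCert", "secondaryVerificationCert", "encryptionCert")

def parse_utc(ts):
    # certView dates are ISO 8601 (UTC); map a trailing "Z" for older Pythons.
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_connection_certs(body, now, warn_days=30, min_rsa_bits=2048):
    """Return findings for a parsed ConnectionCerts body; thresholds are assumptions."""
    findings, certs = [], body.get("items", [])
    for flag in EXCLUSIVE_FLAGS:
        holders = [c["certView"]["id"] for c in certs if c.get(flag)]
        if len(holders) > 1:
            findings.append(f"{flag} set on {len(holders)} certs: {', '.join(holders)}")
    for c in certs:
        view = c["certView"]
        cid, expires = view["id"], parse_utc(view["expires"])
        if expires <= now:
            findings.append(f"{cid}: expired {view['expires']}")
        elif expires - now <= timedelta(days=warn_days):
            findings.append(f"{cid}: expires within {warn_days} days")
        if parse_utc(view["validFrom"]) > now:
            findings.append(f"{cid}: not yet valid")
        bits = view.get("keySize", 0)
        if view.get("keyAlgorithm") == "RSA" and bits < min_rsa_bits:
            findings.append(f"{cid}: RSA key of {bits} bits")
        sig = view.get("signatureAlgorithm", "")
        if "SHA1" in sig.upper() or "MD5" in sig.upper():
            findings.append(f"{cid}: weak signature algorithm {sig}")
    return findings

def sample_cert(cid, expires, bits, sig, **flags):
    # Builds one constructed ConnectionCert entry (sample data, not real output).
    view = {"id": cid, "validFrom": "2021-01-01T00:00:00Z", "expires": expires,
            "keyAlgorithm": "RSA", "keySize": bits, "signatureAlgorithm": sig}
    return {"certView": view, **flags}

SAMPLE = {"items": [
    sample_cert("idpsign2025", "2025-06-20T00:00:00Z", 2048, "SHA256withRSA",
                activeVerificationCert=True, primaryVerificationCert=True),
    sample_cert("idpsignold", "2024-01-01T00:00:00Z", 1024, "SHA1withRSA",
                activeVerificationCert=True, primaryVerificationCert=True),
]}
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock so the output is stable

if __name__ == "__main__":
    print("\n".join(audit_connection_certs(SAMPLE, NOW)))
```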