Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Issuing the token-signing certificate

Updated on November 10, 2021
Pega Robot Studio v21 Preview

A token-signing certificate, issued by a certificate authority, provides a quick way to verify if your private key is compromised. Different certificate authorities have different processes for generating a certificate with a private key.

Typically, a certificate request is issued from IIS and then uploaded to the certificate authority through their website. The certificate authority’s response is then imported back into IIS from the same computer that issued the request. This completes the transaction. Some certificate authorities have their own software package that you install on your system and use to request and generate a certificate.

For security, it is generally the computer that intends to use the certificate that makes certificate requests, so the private key does not need to be exported or transmitted.

To use a certificate generated on a different computer than the one hosting the Security Token Service, you must perform the following tasks:

Issuing the certificate

  1. Export the certificate with its private key.
  2. Choose a temporary password to encrypt the private key contents.
  3. Import the key to the computer that is hosting the Security Token Service in the Local Machine Personal certificate store using the Microsoft Management Console (MMC.exe).

    Your next step depends on where you created the certificate:

    • If you created the certificate from the server, continue with Installing the Security Token Service.
    • If you are not creating the certificate from the server, perform the steps in Using a Windows environment to export the key.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us