In PingAccess, a Virtual Host defines the specific hostname and port that PingAccess listens on for incoming client requests. To terminate SSL/TLS for a proxied application, PingAccess must present the correct server certificate to the client. This is achieved by associating a pre-imported Key Pair (which contains the certificate and its private key) with the Virtual Host that corresponds to the application's public-facing hostname. This action configures the HTTPS listener for that specific host, enabling secure communication between the client and the PingAccess proxy.

B. Enable Require HTTPS in the Application configuration: This setting enforces that clients must use HTTPS to access the application, but it does not configure the certificate itself. The certificate must first be assigned to a listener.

C. Assign the Key Pair to the Agent Listener: Agent Listeners are for secure communication between a PingAccess Agent and the PingAccess server, not for terminating SSL from an end-user's client connection to the proxy.

D. Set the secure flag to Yes in the Site configuration: This flag configures whether PingAccess uses HTTPS to connect to the backend web server (the Site). It does not affect the client-to-PingAccess SSL termination.

---

1. Ping Identity PingAccess 7.3 Administrator's Guide, Section: Configuring virtual hosts.

Reference Detail: The guide states, "Virtual hosts define the host and port combinations that PingAccess listens on for client requests... If you want to enable HTTPS for a virtual host, you must select a key pair." This directly confirms that assigning the Key Pair to the Virtual Host is the required action.

2. Ping Identity PingAccess 7.3 Administrator's Guide, Section: Adding an application.

Reference Detail: The description for the "Require HTTPS" setting is: "Select this check box to require that requests for this application use a secure connection." This clarifies its role as an enforcement mechanism, not a configuration step for the certificate.

3. Ping Identity PingAccess 7.3 Administrator's Guide, Section: Adding a site.

Reference Detail: The documentation for the "Secure" option within a Site's configuration states: "Select this check box if the site requires an HTTPS connection." This confirms the setting applies to the connection between PingAccess and the backend server.