Cannot upload Signature Certificate (SAML Logout) Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Sandeep MoreSandeep More 

Cannot upload Signature Certificate (SAML Logout)

I am trying to test Single Logout (SLO) for SAML, I can see my SAML request in the logs but I am getting "Issuer does not match" error. When, I try to upload a certificate (in PEM or DER format) I get a failure message "The filename is invalid or missing" I can see that the file is not missing (and attached) about the file names, I tried multiple names nothing works. I could not find any documentation on what format the certificate should be and the expected file name. Funny thing is I was able to upload a certificate earlier !
Any help would be greatly appreciated.
Evan AlterEvan Alter (Okta, Inc.)
Sandeep -
What was the format of the earlier signature? How was the new signature created?

Both PEM and CER certificate formats are supported.

Sandeep MoreSandeep More
Thanks for responding Evan ! I was using PEM format. 
After a lot of wasted time turns out the issue was my browser, to be specific Opera (50.0.2762.67 MacOSX).
Using Safari worked. Okta admin page did not give any indication indication there was a failure with Opera. 
Anyways, I was finally able to upload the certs and successfully test SAML Single Logout. 

Thanks !
Abhijit PatniAbhijit Patni
Hi Sandeep, I stuck in the SAML logout part. Basically, we have configured required things in the OKTA regarding logout. We have uploaded same certificate which OKTA has given. But, after logout from the OKTA, we are not getting logout from the application. Can you help us regarding the same?
Sandeep MoreSandeep More
Generally Okta logs are pretty good about telling you what's wrong.
Evan AlterEvan Alter (Okta, Inc.)
Good news, Sandeep. Thanks for letting us know.

Evan Alter
Okta Customer Support
Evan AlterEvan Alter (Okta, Inc.)
Sandeep -
Although Opera is a great browser, it is not officially supported on Okta. That does not mean it will never work, but it does mean that we cannot guarantee that it will always work.

Platforms, Browser, and OS Support


Evan Alter
Okta Customer Support
Dylann FezeuDylann Fezeu (Customer First Programs)

Thanks for posting your inquiry in Okta Community Portal.

​If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

​Dylann Fezeu
Okta Help Center Team
devops shearwaterdevops shearwater
Hi all, I got the same issue with uploading Signature Certificate. Can anyone tell me what is the "Signature Certificate" in single logout and what is its purpose? As I think, "Signature Certificate" is the public key of Service Provider which have uploaded on Single Sign-On configuration. in other think, it's the public key of CA which we use to generate the public key?

Thank you all.