
RobM.62038 (Customer) asked a question.
We are creating an inbound federated SSO application for a client that will not accept self-signed certificates. When I create an Identity Provider in Okta, the metadata contains a self-signed certificate. Is there a way to make Okta use a certificate issued by a valid CA? NOTE: I am not talking about the customer's cert that we use to configure the IdP. I am talking about the cert that we provide to the customer in the IdP metadata.

Thank you for your inquiry, Rob!
Yes, you can provide your external IdP with a third-party CA-signed certificate; however, doing so requires you to employ the use of API calls.
The following documentation contains all the detailed steps of the API calls you will need and the order in which to execute them to generate your own Certificate Signing Request (CSR):
https://developer.okta.com/docs/guides/sign-your-own-saml-csr/overview/
The links presented in the documentation have to be followed in order for the procedure to work.
If you are unfamiliar with how to use API calls, the following documentation provides the necessary knowledge to use Postman for all your API call needs with Okta:
https://developer.okta.com/code/rest/
Thank you for reaching out, and if you have any issues, you can open a support ticket to further investigate.
Andrei Niculae
Technical Support Engineer
Okta Global Customer Care
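
A check to run on the metadata before and after the CSR procedure, as an added example that is not part of the original thread or of Okta's documentation: it reads each `ds:X509Certificate` from SAML metadata and reports whether issuer equals subject, the usual marker of a self-signed certificate. It does not verify signatures or the chain to a CA, it should only be fed metadata you downloaded from your own org, and the sample metadata, names and helper functions are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def read_tlv(buf, pos):
    """Return (tag, value_start, end) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        start, length = pos + 2, first
    else:                                 # long form: next (first & 0x7F) bytes hold the length
        start = pos + 2 + (first & 0x7F)
        length = int.from_bytes(buf[pos + 2:start], "big")
    return tag, start, start + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Name fields of an X.509 certificate."""
    _, cert_body, _ = read_tlv(der, 0)    # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, cert_body)  # tbsCertificate SEQUENCE
    fields = []                           # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0 or fields:         # skip the optional [0] version wrapper
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def self_issued_flags(metadata_xml):
    """One bool per ds:X509Certificate in the metadata: True when issuer == subject."""
    flags = []
    for node in ET.fromstring(metadata_xml).iter(DS + "X509Certificate"):
        issuer, subject = issuer_and_subject(base64.b64decode("".join(node.text.split())))
        flags.append(issuer == subject)
    return flags

# --- constructed sample input (certificate-shaped DER, not a real signed certificate) ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths are enough for the samples

def sample_metadata(issuer_cn, subject_cn):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn) + tlv(0x30, b""))
    b64 = base64.b64encode(tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))).decode()
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><md:SPSSODescriptor><md:KeyDescriptor>'
            f'<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}</ds:X509Certificate></ds:X509Data>'
            '</ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    print(self_issued_flags(sample_metadata("sample-sp", "sample-sp")))        # self-issued
    print(self_issued_flags(sample_metadata("Sample Test CA", "sample-sp")))   # CA-issued
```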