Can the CSR be third-party official, or can it be self-signed?
You may refer to this conversation:
Does the private key have to be paired with the service provider server? (Meaning the server of the Single sign-on URL parameter)
I am assuming in “Signature Certificate” in the Application setting, if we are to upload a certificate we should upload the server certificate of the service provider server, and if my understanding is correct, does the private key need to be the pair key of this certificate?
Answer:
As I understand it, you would need to generate a CSR, then a private key is used to sign the CSR via a third party CA.
As per the article: “The CA that you choose provides instructions on how to upload the CSR that you generated in the previous step.”
In essence the private key would be used as part of the CSR signing only. On the Service Provider (app) side, you would just use the new certificate set up for your Okta side of the configuration.
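On the pairing question above: a certificate issued from a CSR carries the public key of the private key that created that CSR, whichever party signs it. The following is an added example, not part of the thread or of Okta's documentation, that checks this pairing with `openssl`; the file names and subject are constructed placeholders, and self-signing stands in for a CA.

```shell
#!/bin/sh
# Added example. All file names and the subject CN are constructed placeholders.

# Print the SHA-256 of the public key held by a private key, CSR or certificate.
pubkey_fp() {  # $1 = kind (key|csr|cert), $2 = PEM file
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    pub= ;;
    esac
    # Refuse to hash empty output, so two unreadable files never "match".
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the private key in $1 pairs with the CSR/cert in $3.
same_keypair() {  # $1 = private key file, $2 = kind (csr|cert), $3 = file
    a=$(pubkey_fp key "$1") || return 1
    b=$(pubkey_fp "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# Build sample material: key -> CSR -> certificate, plus an unrelated key.
make_demo() {  # $1 = output directory
    openssl genrsa -out "$1/sp.key" 2048 2>/dev/null
    openssl req -new -key "$1/sp.key" -subj "/CN=sp.example.test" -out "$1/sp.csr"
    # Self-signing here stands in for the CA step; a CA would sign with its own key.
    openssl x509 -req -in "$1/sp.csr" -signkey "$1/sp.key" -days 30 \
        -out "$1/sp.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

dir=$(mktemp -d)
make_demo "$dir"
for pair in "sp.key csr sp.csr" "sp.key cert sp.crt" "other.key cert sp.crt"; do
    set -- $pair
    if same_keypair "$dir/$1" "$2" "$dir/$3"; then
        echo "$1 pairs with $3"
    else
        echo "$1 does NOT pair with $3"
    fi
done
rm -rf "$dir"
```
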
Thank you for reaching out here on the Okta Developer Forum. We noticed that your question is more closely related to SAML. To ensure you receive the most accurate and timely assistance, we recommend reposting your query on Okta’s Community at: Okta Help Center (Lightning)
Okta’s teams on the Community are better equipped to provide the comprehensive support and guidance you need as they have the specialised knowledge and expertise in SAML.
We appreciate your understanding and are committed to ensuring you receive the best possible support. If you have any other questions or issues related to Okta’s developer tools and APIs, feel free to post them here, and we’ll be happy to assist!
Hello @andrew1, I am in the same team as @el.john.fandialan.
Actually, we came from the Okta Help Center itself.
We asked them the same question first, and they advised us to ask here.