# Self-signed Certificates

Self-signed certificates are a way to secure your data by encrypting the SAML response when using single sign-on authentication. The following section serves as an example of generating and using self-signed certificates in Okta.

## Generating a Self-Signed Certificate

Several software applications can generate self-signed certificates, such as OpenSSL, MakeCert, IIS, Pluralsight or SelfSSL. This example uses MakeCert. To create a self-signed certificate with a private key, run the following commands from the Command Prompt:

* `makecert -r -pe -n "CN=UiPath" -e 01/01/2019 -sky exchange -sv makecert.pvk makecert.cer`
* `"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\pvk2pfx.exe" -pvk makecert.pvk -spc makecert.cer -pfx makecert.pfx`

## Add the Certificate to Okta

1. Log in to Okta. The following setup is done in the **Classic UI** view. You can switch views from the drop-down in the top-right corner of the window.

   !['Classic UI view' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-classic-ui-image-231084-6dbfde6e.webp)
2. On the **Application** tab, select your previously defined application.

   !['Okta Application tab' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-okta-application-tab-image-233234-38af8949.webp)
3. On the **General** tab, in the **SAML Settings** section, select **Edit**.
4. On the **Configure SAML** tab, select **Show Advanced Settings**.

   !['Configure SAML tab' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-configure-saml-tab-image-229666-c0a1bfde.webp)
5. For the **Assertion Encryption** drop-down, select the **Encrypted** option.
6. The certificate is displayed in the **Encryption Certificate** field.

   !['SAML settings' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-saml-settings-image-226142-0b1e91c1.webp)

## Set Orchestrator/Identity Server to Use the Certificate

1. Import the `makecert.pfx` certificate to the Windows certificate store using Microsoft Management Console. Refer to [Private Key Certificates](https://docs.uipath.com/orchestrator/standalone/2024.10/user-guide/setting-orchestrator-to-use-a-private-key-certificate#private-key-certificates).
2. Log in to the [host Management portal](https://docs.uipath.com/orchestrator/standalone/2024.10/user-guide/about-the-host-level#host-management-portal) as a system administrator.
3. Select **Security**.
   :::note
   If you are still using the old Admin experience, go to **Users** instead of **Security**.
   :::
4. Select **Configure** under **SAML SSO**.

   The **SAML SSO configuration** page opens.

5. Under the **Signing Certificate** section, set the following:
   * **Store name** - select `My`
   * **Store location** - select `LocalMachine`
   * **Thumbprint** - enter the thumbprint value you've previously prepared.
6. Select **Save** at the bottom to save your changes and close the panel.
7. Restart the IIS server.
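
One way to carry out the import in step 1 and collect the values for step 5 from PowerShell instead of the Management Console, as an added example that is not part of the UiPath documentation. It assumes an elevated PowerShell session and that `makecert.pfx` from the earlier section is in the current directory; the variable names are illustrative.

```powershell
# Added example, not UiPath's own script. Run in an elevated PowerShell session.
# Assumption: makecert.pfx (output of the pvk2pfx step) is in the current directory.
$pfxPath  = Join-Path (Get-Location) 'makecert.pfx'
$password = Read-Host -Prompt 'PFX password (press Enter if none was set)' -AsSecureString

# Import into the store named on the SAML SSO configuration page: LocalMachine / My.
$importArgs = @{ FilePath = $pfxPath; CertStoreLocation = 'Cert:\LocalMachine\My' }
if ($password.Length -gt 0) { $importArgs.Password = $password }
$cert = Import-PfxCertificate @importArgs

# Re-read the certificate from the store so the checks reflect what was actually stored.
$stored = Get-Item -Path ("Cert:\LocalMachine\My\" + $cert.Thumbprint)

$problems = @()
if (-not $stored.HasPrivateKey) {
    $problems += 'No private key was imported with the certificate.'
}
$now = Get-Date
if ($now -lt $stored.NotBefore -or $now -gt $stored.NotAfter) {
    $problems += "Outside validity period ($($stored.NotBefore) to $($stored.NotAfter))."
}
if ($stored.Subject -ne $stored.Issuer) {
    $problems += 'Subject and issuer differ, so this is not a self-signed certificate.'
}

# Values to enter under Signing Certificate, plus the result of the checks.
[pscustomobject]@{
    StoreName     = 'My'
    StoreLocation = 'LocalMachine'
    Thumbprint    = $stored.Thumbprint
    Subject       = $stored.Subject
    NotAfter      = $stored.NotAfter
    HasPrivateKey = $stored.HasPrivateKey
    Problems      = $problems -join ' '
} | Format-List
```

An empty `Problems` line means the certificate in the store has a private key, is within its validity period, and is self-signed; the `-e` date passed to MakeCert determines `NotAfter`.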
