Service Provider Certificates
Generate PEM Certificates
SimpleSAMLphp requires the X.509 certificates to create complete metadata. Like most PHP projects, SimpleSAMLphp requires the certificate to be in PEM format. To generate the key and certificate pair, you can run the following OpenSSL command.
#> openssl req -newkey rsa:2048 -new -x509 -days {Days Valid} -nodes -out saml.crt -keyout saml.key
Secure Certificate Files
Now move the generated certificate and key file to the {SimpleSAMLphp Directory}/cert directory. If it doesn't exist, create it. Also make sure the key file is properly secured: the -nodes option above writes the private key without a passphrase, so file permissions are what protect it. Make sure only the web server user can read it. Admins can have read/write access on the file.
Example for Unix-style systems:
chmod 640 saml.key
chgrp www-data saml.key   # Ubuntu
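
To confirm the result of the steps above, the following added example (not part of SimpleSAMLphp or the original page) checks that the key is no more permissive than 640, belongs to the web server group, and actually matches the certificate. The function names are illustrative; it assumes `stat` and `openssl` are on the PATH.

```shell
#!/bin/sh
# Added example: audit the SP key and certificate after installing them.
# Function names are illustrative assumptions, not SimpleSAMLphp tooling.
# Usage: check_key_perms cert/saml.key www-data &&
#        cert_matches_key cert/saml.crt cert/saml.key

# Print "<octal mode> <group>" for a file (GNU stat, BSD stat as fallback).
file_mode_group() {
    stat -c '%a %G' "$1" 2>/dev/null || stat -f '%Lp %Sg' "$1" 2>/dev/null
}

# Succeed only if the key is a regular file with no group-write bit and no
# access for "other" (640 or stricter) and belongs to the expected group.
check_key_perms() (
    key=$1; want_group=$2
    [ -f "$key" ] || { echo "missing: $key" >&2; exit 1; }
    set -- $(file_mode_group "$key")
    mode=$1; group=$2
    [ -n "$mode" ] || { echo "cannot stat $key" >&2; exit 1; }
    # 027 masks group-write plus read/write/execute for "other".
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "$key: mode $mode is too permissive (want 640 or stricter)" >&2
        exit 1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "$key: group is $group, expected $want_group" >&2
        exit 1
    fi
)

# Succeed only if the certificate carries the public half of the private key.
cert_matches_key() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)
```

Both functions return non-zero on failure and print the reason to stderr, so they can be chained in a deployment script.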