SAML cert is a CRT file rather than a PEM or CER file

Problem statement

I need to renew the X.509 Signing Certificate for my SAML connection. My client has given me a CRT file rather than a PEM or CER file. Can I upload this type of file?

Solution

Currently, Auth0 supports .pem and .cer signing certificates through the Dashboard UI. There’s a section in our documentation that explains converting your .crt file to base64, which can then be uploaded via a Management API call to your SAML connection:

https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/saml#convert-signing-certificate-to-base64

You’ll need to PATCH your SAML connection and update the ‘signingCert’ field with the new base64 encoded certificate. However, I’d first recommend performing a GET request on your connection so you can view all available fields, which would allow you to have a backup just in case something doesn’t go according to plan.

Alternatively , if you’re comfortable with OpenSSL, you can run a quick command in your terminal as outlined in this external doc:

openssl x509 -in cert.crt -out cert.pem

That should output a .pem for you to upload via the Auth0 dashboard, which may be more straightforward.