The LightSaml relies on the xmlseclibs regarding signing and certificates functionality. LightSaml has helper methods and was tested using xmlseclibs with PEM format only.
Run the following command to generate pem certificate and key
$ openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
$certificate = new X509Certificate();
$certificate->loadFromFile($crtFilename);
$publicKey = KeyHelper::createPublicKey($certificate);
$privateKey = KeyHelper::createPrivateKey($filename, $pass);
You would require private key for signing SAML messages.
$message->sign($certificate, $privateKey);
If your SP supports signing you would need to expose your certificate in your SP's metadata entity descriptor
$ed = new EntityDescriptor();
$sp = new SpSsoDescriptor();
$sp->addKeyDescriptor(new KeyDescriptor('signing', $certificate));
$ed->->addItem($sp);