diff --git a/library/roles/simplesaml/defaults/main.yml b/library/roles/simplesaml/defaults/main.yml index 69b1e43c..35679772 100644 --- a/library/roles/simplesaml/defaults/main.yml +++ b/library/roles/simplesaml/defaults/main.yml @@ -27,6 +27,7 @@ simplesaml_loglevel: NOTICE # Change this one when we are setting up a cluster of simplesaml servers simplesaml_create_self_signed_cert_host: '{{ ansible_fqdn }}' +simplesaml_provide_an_external_cert: False simplesaml_servername: '{{ ansible_fqdn }}' simplesaml_enable_saml20_idp: 'true' diff --git a/library/roles/simplesaml/tasks/main.yml b/library/roles/simplesaml/tasks/main.yml index 32689e4c..09555a24 100644 --- a/library/roles/simplesaml/tasks/main.yml +++ b/library/roles/simplesaml/tasks/main.yml @@ -88,6 +88,7 @@ shell: openssl req -x509 -newkey rsa:2048 -keyout {{ simplesaml_cert_dir }}/key.pem -out {{ simplesaml_cert_dir }}/server.crt -days 3650 -nodes -subj '/CN={{ simplesaml_servername }}' args: creates: '{{ simplesaml_cert_dir }}/server.crt' + run_once: True when: ansible_fqdn == simplesaml_create_self_signed_cert_host - name: Copy the self signed certificate from the first server to all the others @@ -103,6 +104,7 @@ - name: Fix the self certificate key permissions file: dest={{ simplesaml_cert_dir }}/key.pem owner={{ simplesaml_user }} mode=0400 + when: not simplesaml_provide_an_external_cert | bool tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_cert' ] - block:
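Review bot: The new default `simplesaml_provide_an_external_cert: False` carries no comment, while its neighbour `simplesaml_create_self_signed_cert_host` is explained on the line above it; an operator reading defaults cannot tell that, per the tasks hunk in this same commit, the flag only controls whether the `key.pem` permission fix runs. Add a comment above it such as `# Set to true when the certificate and key are supplied outside this role; the key.pem permission fix is then skipped`. Prefer the lowercase literal `false` over `False` as well: Ansible accepts both, but YAML 1.2 parsers and yamllint's truthy rule treat only `true`/`false` as canonical booleans. The `| bool` filter applied in the tasks hunk already tolerates string values, so this is cosmetic, but it keeps the defaults file consistent for other tooling.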
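Review bot: `run_once: True` makes Ansible evaluate the task's `when:` against the first host in the batch only, so if that host's `ansible_fqdn` is not `simplesaml_create_self_signed_cert_host` the openssl step is skipped for the whole play and no `server.crt`/`key.pem` exists for the "Copy the self signed certificate" task that follows. Whether the cluster gets a certificate then depends on inventory order rather than on the variable the defaults comment tells the operator to set. Replace the host comparison with delegation so the task runs exactly once on the intended host regardless of order: `delegate_to: '{{ simplesaml_create_self_signed_cert_host }}'` alongside `run_once: True`, dropping the `when:` line; the `creates:` guard still prevents regeneration on reruns. This assumes the value is resolvable as an inventory host name, which the default `'{{ ansible_fqdn }}'` may not be — confirm against how hosts are named in this inventory. The task's `name:` line sits above the hunk.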
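Review bot: The added `when: not simplesaml_provide_an_external_cert | bool` removes the only place the role enforces `owner={{ simplesaml_user }} mode=0400` on `{{ simplesaml_cert_dir }}/key.pem`, so an operator-supplied private key keeps whatever mode the step that installed it left behind — the opposite of what a permission-hardening task should do. The likely reason for the condition is that `file:` fails when the key is not present at that path; if so, gate on presence rather than on origin: register a `stat` on `{{ simplesaml_cert_dir }}/key.pem` in a preceding task and use `when: key_stat.stat.exists`, so both self-signed and external keys are locked down whenever they exist there. If the external key is deliberately installed elsewhere, add a parallel task applying the same owner and mode to that path instead of skipping the check. The surrounding task list continues outside this hunk.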