diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 8549ce687b223edc90b69bdd7323da81dcdca1e9..d84d9620a9930c1040803b126f2dd7c1c8d65e11 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -472,6 +472,10 @@ class SimpleSAML_Metadata_SAMLParser {
 				continue;
 			}
 
+			if ($key['signing'] !== TRUE) {
+				continue;
+			}
+
 			$certData = base64_decode($key['X509Certificate']);
 			if($certData === FALSE) {
 				/* Empty/invalid certificate. */
@@ -535,6 +539,10 @@ class SimpleSAML_Metadata_SAMLParser {
 				continue;
 			}
 
+			if ($key['signing'] !== TRUE) {
+				continue;
+			}
+
 			$certData = base64_decode($key['X509Certificate']);
 			if($certData === FALSE) {
 				/* Empty/invalid certificate. */
@@ -624,6 +632,10 @@ class SimpleSAML_Metadata_SAMLParser {
 				continue;
 			}
 
+			if ($key['signing'] !== TRUE) {
+				continue;
+			}
+
 			$certData = base64_decode($key['X509Certificate']);
 			if($certData === FALSE) {
 				/* Empty/invalid certificate. */
@@ -701,6 +713,10 @@ class SimpleSAML_Metadata_SAMLParser {
 				continue;
 			}
 
+			if ($key['signing'] !== TRUE) {
+				continue;
+			}
+
 			$certData = base64_decode($key['X509Certificate']);
 			if($certData === FALSE) {
 				/* Empty/invalid certificate. */