diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 080784cfa557a9c529fdd9756f69530d51d2da54..1325de5899fe24de0b067b9e7d23cc016fbe7a30 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -1,4 +1,5 @@
 import os
+import pathlib
 from django.conf import settings as django_settings
 from datetime import timedelta
 
@@ -23,8 +24,10 @@ IDP_META_URL = None  # e.g. "https://idp-test.hs-hannover.de/idp/shibboleth"
 IDP_ENTITY_ID = IDP_META_URL  # these must normally be the same, but a workaround is required as of 18.03.2024
 IDP_LOGOUT_URL = None  # e.g. "https://idp-test.it.hs-hannover.de/idp/profile/Logout"
 
-SP_KEY = "{project_settings}/cert/sp.key"
-SP_CERT = "{project_settings}/cert/sp.pem"
+# paths to the public/private keys for SAML2, either put them into `settings/sso_cert/` or change the settings
+__settings_directory = str(pathlib.Path(os.environ.get("DJANGO_SETTINGS_MODULE").replace(".", "/")).absolute())
+SP_KEY = f"{__settings_directory}/sso_cert/sp.key"
+SP_CERT = f"{__settings_directory}/sso_cert/sp.pem"
 
 SSO_REQUIRED_IN_DEBUG = False
 SSO_REQUIRED_IN_PRODUCTION = False  # disabled because of e.g. collectstatic on the static server