Check this article - part SAML SSO and verify existing certificates are properly copied to the locations.
/KNEBB