Click Server Options in the Advanced Authentication Administration portal.
Verify whether the Signing Certificate is available. Use the certificate.
If the certificate does not exist, then upload the certificate.
Navigate to Policies > Web Authentication and click Download IdP SAML 2.0 Metadata.
A new tab launches with the SAML 2.0 metadata that includes the certificate in x.509 format.
Find the tag <ds:X509Certificate> and copy the certificate that follows to a notepad file.
Add the ---BEGIN CERTIFICATE ------------ at the beginning and ---END CERTIFICATE------------ at end of the certificate in the notepad file.
Save the notepad file for further use.