The X.509 certificate in the app is used to improve security in the SAML Single Sign-On process. The X.509 certificate is configured in the Identity Provider for signing and encryption. In the app, option to Sign SAML Request (sent from service provider to your Identity Provider) can be turned on. In your Identity Provider, you can choose to encryptthe Assertion in the SAML Response (sent from your Identity Provider to service provider).
How to migrate the certificate?
The X.509 certificate is saved with the Identity Provider. So, the certificate needs to be migrated in the SSO app as well as the Identity Provider at the same time.
Verify functioning SSO
Go to Backup/Restore Configurations tab and download the App configuration file for backup
Go to the Certificates tab and click on Generate New Certificates. Enter relevant details and generate new certificates.
Go to Service Provider Info and from the table, against Certificate click on the Download button.
Configure this certificate in the Identity Provider.
Confirm correct certificate migration using Test Configuration (Configure IDP tab, next to Save). You should see a success message. If you get a certificate mismatch error, follow steps 4 to 6 again.