Bad Request. This typically happens when you parse a malformed certificate string or the certificate has expired. In which case, you can add a new certificate manually in your SSO configuration (see Add metadata manually).
{
"type": "/sso-config/error-responses/unable-to-parse-certificate",
"title": "Unable to parse certificate string.",
"instance": "2014ae78-5015-4b6a-8eb3-a83fe3260664",
"detail": "Certificate is expected in PEM format. Headers and footers are optional. Whitespace and new line characters are ignored.",
"errors": []
}