SSO Working with Expired Self-Signed Certificate and the IDP is not Salesforce

An IDP uses the self-signed certificate for secure communication. If the IDP is not Salesforce, the described behavior can occur because the IDP has control over the secure communication.  Salesforce does not have any control over how the IDP works and uses the certificate for ‌communication/authentication purposes.

Use one of the Additional Resource links below to create a new self-signed Salesforce certificate to replace the expired certificate if the desire is to continue to use a self-signed cert solution.