SAML signing certificates ensure that messages are coming from the expected identity and service providers. The SAML certificate is used to sign SAML requests, responses, and assertions from the service to relying applications, such as WebEx or Google Apps.
The Catalog > Settings SAML Metadata page displays the SAML signing certificate and includes links for the SAML Identity Provider and Service Provider metadata files. The metadata includes configuration information and the certificates.
A self-signed certificate is automatically created in the VMware Identity Manager service for SAML signing. If your organization requires a certificate from a certificate authority, you can generate a Certificate Signing Request (CSR) from the admin console and use the CSR for generating a certificate. When you receive the signed certificate, you upload the certificate to the VMware Identity Manager service, replacing the self-signed certificate. The SAML signing certificate and the SAML metadata files are updated with the new certificate.