SSO: How the certificate validation option works?

I was able to setup a copy of Bitwarden on my local NAS server and was even able to set up SSO with IDP.
On the Single Sign-On configuration page under “SAML Service Provider Configuration” I noticed the [Validate certificates] option, and when I selected this option, I received the following error message when trying to use SSO:
There was an error during single sign on. The signature was valid, but the verification of the certificate failed. is it expired or revoked

I don’t quite understand how to fix this error. Can anyone give advice?
thanks a lot in advance!

I’m having the same issue. If I download the Azure SSO SAML certificate, add it to the docker container via a volume statement in the docker compose file (- ./bitwarden/Azure_Federated_SSO.crt:/usr/local/share/ca-certificates/Azure_Federated_SSO.crt), enter the Bitwarden container command prompt, and run “update-ca-certificates”, Bitwarden will trust the certificate until I restart the container. I cannot figure out why the “X509 Public Certificate” field in the Bitwarden organization SSO configuration doesn’t seem to work. I also cannot figure out how to automate this with the docker-compose.yml file (new to Docker). I’ve tried the following command statements but none seem to work.

-command: bash -c “update-ca-certificates && exec /”
-command: update-ca-certificates
-command: “update-ca-certificates”
-command: bash -c “update-ca-certificates”