Hi @Logan Harvey
Thank you for sharing your issue on Microsoft Q&A.
I understand that you are trying to activate a new certificate for SSO, but the new certificate appears to have the same Federation Metadata XML as the old one. This is causing the application to reject the new certificate because it looks identical to the old one.
The metadata URL alone is not enough to distinguish between certificates. To differentiate them, the thumbprint of the certificate must be unique. Even if the Federation Metadata XML URL appears identical, the thumbprint is the unique identifier for each certificate.
Therefore, before proceeding, you should check that the new certificate has a different thumbprint from the old one. If the thumbprints are the same, the new certificate is not considered a valid replacement.
Delete the old certificate once you're confident the new certificate is working without any issues.
For additional information, refer to this link: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/tutorial-manage-certificates-for-federated-single-sign-on
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And, if you have any further query, do let us know.
Best Regards.
Harshitha Eligeti
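The check the answer describes, comparing signing-certificate thumbprints rather than the metadata URL, as an added Python example (not code from the answer or from Microsoft). It parses SAML federation metadata with the standard library, derives each signing certificate's thumbprint as SHA-1 over the DER bytes, and reports whether the new metadata really carries a certificate the old one did not. The tenant ID and the "DER" bytes below are constructed placeholders; `metadata()` builds minimal constructed documents rather than real Entra output.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def thumbprint(der: bytes) -> str:
    """SHA-1 over the certificate's DER bytes, uppercase hex: the value the Entra portal shows."""
    return hashlib.sha1(der).hexdigest().upper()

def signing_thumbprints(metadata_xml: str) -> set[str]:
    """Thumbprints of every signing certificate advertised in a federation metadata document."""
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # no 'use' attribute means signing and encryption
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())   # drop line breaks inside the base64 body
            found.add(thumbprint(base64.b64decode(b64)))
    return found

def is_new_signing_cert(old_xml: str, new_xml: str) -> bool:
    """True only if the new metadata advertises a signing certificate the old metadata did not."""
    return not signing_thumbprints(new_xml) <= signing_thumbprints(old_xml)

def metadata(entity_id: str, ders: list[bytes]) -> str:
    """Build a minimal constructed metadata document for the example (not real Entra output)."""
    descriptors = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + base64.b64encode(der).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        for der in ders)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" entityID="{entity_id}">'
            f"<md:IDPSSODescriptor>{descriptors}</md:IDPSSODescriptor></md:EntityDescriptor>")

# Constructed placeholder bytes standing in for DER-encoded certificates.
OLD_DER = b"placeholder DER of the OLD signing certificate"
NEW_DER = b"placeholder DER of the NEW signing certificate"
ENTITY = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/"   # same URL in both documents
OLD_METADATA = metadata(ENTITY, [OLD_DER])
NEW_METADATA = metadata(ENTITY, [NEW_DER])
SAME_CERT_METADATA = metadata(ENTITY, [OLD_DER])   # identical URL and identical certificate

if __name__ == "__main__":
    print("old thumbprints:", signing_thumbprints(OLD_METADATA))
    print("new thumbprints:", signing_thumbprints(NEW_METADATA))
    print("genuine replacement:", is_new_signing_cert(OLD_METADATA, NEW_METADATA))
    print("same certificate again:", is_new_signing_cert(OLD_METADATA, SAME_CERT_METADATA))
```

With real metadata, pass the downloaded XML text to `signing_thumbprints()` and compare the result with the thumbprint shown on the SAML signing certificate blade before activating the new certificate.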