If the IdP certificate is signed directly by a trusted certification authority (CA) this step is not required. This step is only for instances where the CA trust-chain is not already trusted by the CxManager.
The below should be applied for the root and all intermediate CA keys.
To manually install the trusted certificate file:
Go to Start > Run > MMC. The Console Root screen is displayed.
Select File > Add/Remove Snap-ins. The Add or Remove Snap-ins screen is displayed.
Double-click on Certificates. The Certificates Snap-in screen is displayed.
Select the Computer Account option and click Next.
Click Finish and then OK.
From the Console Root screen, go to Certificates > Trusted Root Certification > Certificates.
Right-click on Certificates, select All Tasks > Import. The Welcome to the Certificate Import Wizard is displayed.
Click Next. The File to Import screen is displayed.
Click Browse and navigate to the trusted certificate file (.cert).
Click Next. The Certificate Store screen is displayed.
Select Place all Certificates in the following store and verify the selected Certificate Store is Trusted Root Certification Authorities.
Click Next. The Certificate Import Completion screen is displayed.
Confirm the specified trusted root certificate import settings and click Finish