Auth0 "Invalid PEM formatted message" when Uploading SAML X509 Signing Certificate with Long OIDs
Some Identity Providers issue X.509 signing certificates for SAML connections that contain a UUID-based long Object Identifier (OID), such as 2.25.0000000000...
Although including a UUID-based OID in the certificate is a valid use case, the Management Dashboard's frontend validation rejects such a certificate and displays the error message:
Invalid PEM formatted message.
This Knowledge Base Article explains how to work around this error and upload the signing certificate.
- SAML Connection
- X.509 Signing Certificate
The frontend validation logic has a limitation: it cannot parse UUID-based OIDs, whereas the Management API's server-side logic correctly recognizes them.
Upload the X.509 signing certificate via the Management API.
    {
      "options": {
        "signingCert": "(Raw or Base64 encoded signing certificate)",
        (other options)
      }
    }
NOTE: Updating the options object will overwrite all its values with the request payload. If an existing value is not included in the payload, it will be lost.
To preserve the existing values, follow the steps described in this article: Management API: Options Object Overwritten when Trying to Update a Connection.
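The fetch, merge and update sequence that the note calls for, as an added example (not Auth0's own code or part of the original article). It assumes the Management API endpoints GET and PATCH /api/v2/connections/{id} and a token allowed to read and update connections; the domain, connection ID, token and sample values are placeholders constructed for illustration.

```python
import base64
import json
import urllib.request

# Constructed sample of a GET /api/v2/connections/{id} response (not real tenant data).
SAMPLE_CONNECTION = {
    "id": "con_EXAMPLE",
    "strategy": "samlp",
    "options": {"signInEndpoint": "https://idp.example.test/sso", "signingCert": "b2xk"},
}
# Constructed placeholder body, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nTUlJQ29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"


def build_patch_body(connection, pem_text):
    """Copy every existing option and replace only signingCert."""
    if "-----BEGIN CERTIFICATE-----" not in pem_text:
        raise ValueError("expected a PEM-encoded certificate")
    options = dict(connection.get("options") or {})
    # The article accepts raw or Base64; this sketch sends Base64 of the PEM text.
    options["signingCert"] = base64.b64encode(pem_text.encode("ascii")).decode("ascii")
    return {"options": options}


def _call(method, url, token, body=None):
    """Send one authenticated JSON request to the Management API."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def upload_signing_cert(domain, connection_id, token, pem_text):
    """GET the connection, merge the new certificate, PATCH, then verify nothing was dropped."""
    url = f"https://{domain}/api/v2/connections/{connection_id}"
    current = _call("GET", url, token)
    updated = _call("PATCH", url, token, build_patch_body(current, pem_text))
    lost = set(current.get("options") or {}) - set(updated.get("options") or {})
    if lost:
        raise RuntimeError(f"options missing after update: {sorted(lost)}")
    return updated
```

Only `upload_signing_cert` touches the network; `build_patch_body` can be run against a saved copy of the connection to review the payload before anything is sent.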