There is a scheduled job "Refresh MultiSSO IDP Metadata" that will attempt to use the defined URL in the "IDP Metadata URL" field in the respective IdP record to retrieve the XML payload to automatically create new certificates if they exist.
However, if there is an error with the certificate for the defined Metadata URL, the job is unable complete and fails to connect to that URL.
2020-01-20 00:10:42 (069) worker.5 worker.5 txid=374803001ba6 SEVERE *** ERROR *** *** Script: Could not load Metadata from the url <IDP METADATA URL>
Release or Environment
The scheduled job transaction will have the following error:
Cannot connect to the URL <IDP METADATA URL>: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated: sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
While the metadata can be retrieved in the Chrome browser, it also notes an issue with the certificate.
Provide the information from the 'ssllabs' site to your Identity Provider admin to have them review and address the certificate issue.
In the interim, if you do want those errors to stop appearing you can disable the related scheduled job, "Refresh MultiSSO IDP Metadata", or you can clear that URL value in the respective IdP record field: "IDP Metadata URL".
**Note: If the job disabled or Metadata URL is removed, you would then need to manually update the x509 certificates for the updated IdP record and coordinate the certificate changes with the IdP admin**