In the Post Auth page, when attempting to download the Assertion Signing Certificate, the Hyperlink can download the wrong certificate.
A defect means this link always appears to download the first IdP certificate. Which may not be the one selected for the Assertion Signing.
1. Open the Certificates Console "D:\MFCAPP_bin\Certificates Console.msc"
2. Navigate to Certificates | Personal | Certificates
3. Right click on the Certificate that you're using for the Assertion Signing and select Export
4. You should not need to export the Private Key.