So a strange thing happened. Our default apigee admin password expired, so we reset it and also made sure it never expires again. Anyway, at the same time, apigee-sso stopped working. We were using a self-signed 1024-bit key. So I decided to use a CA authority signed key, but our security administrator said they were only signing 2048-bit certs, not 1024. So I generated a 2048-bit key and created a CSR for him to sign. I validated that the CSR was valid via the command "openssl req -noout -text -in server.csr". Now when I try to install apigee-sso with this 2048-bit cert, I get this error message:
Failed to instantiate [org.cloudfoundry.identity.uaa.provider.saml.SamlLoginServerKeyManager]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: Could not load service provider certificate. Check serviceProviderKey and certificate parameters
Question. Does apigee-sso have an issue using 2048 bit keys and certs?
The config file has the correct path to the key and certificate location.
From the product perspective, it should work with 2048-bit keys and certs. Are there any intermediate certificates? In that case you may need to append your root CA and intermediate certificate in one cert file.
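
A pre-install check along the lines the answer suggests, as an added example that is not part of the original thread or of Apigee's tooling: it confirms that the private key matches the signed certificate, verifies the chain, and concatenates the certificates into one PEM file. The file names, the throwaway test PKI and the leaf, intermediate, root order of the bundle are assumptions.

```bash
#!/usr/bin/env bash
# Added example; file names and the test PKI are constructed, not from the thread.

# Returns 0 when the private key and the certificate hold the same public key.
key_matches_cert() {  # args: KEY CERT
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Returns 0 when the leaf chains to the root through the intermediate.
chain_verifies() {  # args: LEAF INTERMEDIATE ROOT
  openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Write leaf, intermediate and root into one PEM file (assumed order).
build_bundle() { cat "$1" "$2" "$3" > "$4"; }  # args: LEAF INTERMEDIATE ROOT OUT
# Number of certificates contained in a PEM bundle.
bundle_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Constructed root -> intermediate -> 2048-bit leaf, written into directory $1.
make_test_pki() {
  local d=$1 n
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int server; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=test-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_test_pki "$d" || return 1
  key_matches_cert "$d/server.key" "$d/server.crt" && echo "key/cert: match"
  key_matches_cert "$d/int.key" "$d/server.crt" || echo "wrong key: rejected"
  chain_verifies "$d/server.crt" "$d/int.crt" "$d/root.crt" && echo "chain: ok"
  build_bundle "$d/server.crt" "$d/int.crt" "$d/root.crt" "$d/bundle.pem"
  echo "bundle holds $(bundle_count "$d/bundle.pem") certificates"
  rm -rf "$d"
}
demo
```

Against real files, run `key_matches_cert` on the key and the certificate returned by the CA before building the bundle; a mismatch there means the certificate was issued for a different key than the one configured.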