Good morning, I'm hoping I can provide enough information here to get some help. Maintaining FA is all very new to me so please bear with me.
One of our customers recently decided they wanted to rotate their certificates for their test environment. They sent us an XML file and I extracted the value in the "X509Certificate" tag, then went into Settings > Key Master and created a new Certificate using that value. After I set this new key as the verification key for the customer's Identity Provider in FA, they received the following error message:
Unable to parse or validate SAML response.
Exception:
io.fusionauth.samlv2.domain.SAMLException: Unable to verify XML signature in the SAML v2.0 XML. The signature was unmarshalled but we couldn't validate it. Possible reasons include a key was not provided that was eligible to verify the signature, or an un-expected exception occurred.
Clearly I've screwed up somewhere along the way, but I have no idea where. Did I create the wrong certificate type or did the settings get out of sync somehow? Users were able to log in without issue until the customer rotated their certificates.
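Added example (not from the original post and not FusionAuth code): a Python script that pulls every X509Certificate out of IdP metadata the way the post describes, and makes visible two things worth checking first when a hand-copied certificate is rejected as "not eligible to verify the signature": whether the KeyDescriptor you copied is the signing one or the encryption one, and whether the line-wrapped base64 body survived the copy intact. The metadata, entityID and certificate bytes below are constructed placeholders, not real DER.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed placeholder bodies: real metadata carries DER-encoded X.509 here, but
# opaque bytes are enough to exercise the parsing and the fingerprint comparison.
SIGNING_DER = b"constructed-signing-certificate-placeholder"
ENCRYPTION_DER = b"constructed-encryption-certificate-placeholder"

def _as_metadata_b64(der: bytes) -> str:
    # IdP metadata usually line-wraps the base64 body; mimic that here.
    return "\n      ".join(textwrap.wrap(base64.b64encode(der).decode(), 24))

# Constructed sample IdP metadata with one signing and one encryption KeyDescriptor.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_as_metadata_b64(SIGNING_DER)}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_as_metadata_b64(ENCRYPTION_DER)}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes: the value to compare against what Key Master shows."""
    return hashlib.sha256(der).hexdigest()

def extract_certificates(metadata_xml: str) -> list:
    """Every X509Certificate in the metadata with its declared use, PEM form and fingerprint."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        use = kd.get("use", "both")  # no 'use' attribute means the key serves both roles
        for cert in kd.iter(f"{{{DS_NS}}}X509Certificate"):
            b64 = "".join((cert.text or "").split())  # drop line-wrapping whitespace
            der = base64.b64decode(b64, validate=True)  # fails loudly on a mangled copy
            pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % "\n".join(textwrap.wrap(b64, 64))
            found.append({"use": use, "pem": pem, "sha256": fingerprint(der)})
    return found

def signing_candidates(certs: list) -> list:
    """Keys eligible to verify a signature; an encryption-only key never will be."""
    return [c for c in certs if c["use"] in ("signing", "both")]
```

Comparing the fingerprint of each signing candidate with the fingerprint of the certificate imported into Key Master shows immediately whether the imported key is the one the IdP actually signs with.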