Errors:
SWAMID Tech 6.1.14: Service Providers MUST have at least one valid encryption certificate.
SWAMID Tech 6.2.2: Signing and encryption certificates MUST NOT be expired. New certificate should be have a key strength of at least 4096 bits for RSA or 384 bits for EC.