diff --git a/roles/zabbix/zabbix_server/tasks/install.yml b/roles/zabbix/zabbix_server/tasks/install.yml
index 4f6099ac44..f1b758bbaf 100644
--- a/roles/zabbix/zabbix_server/tasks/install.yml
+++ b/roles/zabbix/zabbix_server/tasks/install.yml
@@ -66,7 +66,10 @@
 
 - name: Install IDP certificate
   ansible.builtin.copy:
-    src: "{{ private }}/files/saml2/{{ env }}/keys/idp.crt"
+    content: "{{ lookup('ansible.builtin.file',
+            private + '/files/saml2/' + env + '/keys/idp.crt')
+            | regex_search('-----BEGIN CERTIFICATE-----\n[^-]*\n-----END CERTIFICATE-----',
+            multiline=True) }}\n"
     dest: /usr/share/zabbix/conf/certs/idp.crt
     mode: 0644
     owner: nginx
diff --git a/roles/zabbix/zabbix_server/templates/zabbix.conf.php.j2 b/roles/zabbix/zabbix_server/templates/zabbix.conf.php.j2
index def2d557c2..24d307fcf8 100644
--- a/roles/zabbix/zabbix_server/templates/zabbix.conf.php.j2
+++ b/roles/zabbix/zabbix_server/templates/zabbix.conf.php.j2
@@ -52,4 +52,4 @@ $IMAGE_FORMAT_DEFAULT   = IMAGE_FORMAT_PNG;
 //$SSO['SP_CERT']                       = 'conf/certs/sp.crt';
 //$SSO['IDP_CERT']              = 'conf/certs/idp.crt';
 //$SSO['SETTINGS']              = [];
-$SSO_SETTINGS=['strict' => false, 'baseurl' => "https://zabbix{{ env_suffix }}.fedoraproject.org", 'use_proxy_headers' => true]
+$SSO['SETTINGS'] = ['strict' => false, 'baseurl' => "https://zabbix{{ env_suffix }}.fedoraproject.org", 'use_proxy_headers' => true];