...

The V3 installer (when not upgrading an older installation) will generate a key pair to use for your back-channel TLS configuration. The certificate is published via a <md:KeyDescriptor use="signing"> element in the IdP's SAML metadata. (The use="signing" XML attribute refers to authentication generally, which includes back-channel TLS.) While most of the content of this certificate is ignored by Shibboleth SPs, the name of the server hosting the TLS endpoint does have to match the certificate's CommonName or a subjectAltName extension, following usual TLS practice. The installer handles this for you automatically when it generates the certificate.

...

A third key pair, new to this version of the IdP, supports inbound XML Encryption. The private key is used to decrypt data encrypted under the public key. The latter is bound to a certificate that is communicated via a <md:KeyDescriptor use="encryption"> element in SAML metadata.

...

Signing certificates are communicated via a <md:KeyDescriptor use="signing"> element in SP metadata. When configured in the usual fashion, the IdP will completely ignore the content of the certificate other than the public key (so the certificate's expiration date, issuer and subject are not checked), but in a back-channel scenario the web server may or may not ignore the certificate's content depending on the software and configuration involved (discussed above).

...

Encryption certificates are communicated via a <md:KeyDescriptor use="encryption"> element in SP metadata. The IdP, when configured in the usual fashion, will completely ignore the content of the certificate other than the public key.
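The two points made above (the KeyDescriptor elements that carry signing and encryption certificates in metadata, and the host-name match that back-channel TLS still requires) are illustrated by the following Python example. It is an added example, not code from the Shibboleth project: the certificate body is a constructed placeholder string rather than a real certificate, and the name-matching rules (SAN dNSName entries preferred, CommonName consulted only when no dNSName is present, a single wildcard allowed only as the whole left-most label) are an assumption based on RFC 6125, not something the page states.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", DS_NS)

# Constructed placeholder: stands in for the base64 DER body of a certificate
# (a PEM file with the BEGIN/END lines stripped). Not a real certificate.
PLACEHOLDER_CERT_B64 = "MIIC...placeholder...base64...=="


def key_descriptor(use, cert_b64):
    """Build <md:KeyDescriptor use="..."> wrapping one ds:X509Certificate.

    use must be "signing" or "encryption"; cert_b64 is the base64 DER body.
    """
    if use not in ("signing", "encryption"):
        raise ValueError("use must be 'signing' or 'encryption'")
    kd = ET.Element(f"{{{MD_NS}}}KeyDescriptor", {"use": use})
    ki = ET.SubElement(kd, f"{{{DS_NS}}}KeyInfo")
    x509 = ET.SubElement(ki, f"{{{DS_NS}}}X509Data")
    ET.SubElement(x509, f"{{{DS_NS}}}X509Certificate").text = cert_b64
    return kd


def _name_matches(pattern, hostname):
    """Case-insensitive DNS name match; '*' allowed only as the whole
    left-most label of a name with at least three labels (assumed RFC 6125 rule)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_endpoint(endpoint_url, san_dns_names, subject_cn=None):
    """True if the host in endpoint_url is covered by the certificate's names.

    SAN dNSName entries take precedence; the CommonName is used only when the
    certificate carries no dNSName at all (modern TLS clients ignore the CN
    entirely, so a back-channel certificate should always carry a SAN).
    """
    host = urlsplit(endpoint_url).hostname
    if host is None:
        raise ValueError("endpoint URL has no host")
    if san_dns_names:
        names = list(san_dns_names)
    else:
        names = [subject_cn] if subject_cn else []
    return any(_name_matches(n, host) for n in names)


if __name__ == "__main__":
    # Assumed example endpoint and names; not taken from the page.
    endpoint = "https://idp.example.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
    print(ET.tostring(key_descriptor("signing", PLACEHOLDER_CERT_B64)).decode())
    print(ET.tostring(key_descriptor("encryption", PLACEHOLDER_CERT_B64)).decode())
    print(cert_matches_endpoint(endpoint, ["idp.example.org"]))
    print(cert_matches_endpoint(endpoint, ["other.example.org"], subject_cn="idp.example.org"))
```

The second `cert_matches_endpoint` call returns False even though the CommonName is right, because a SAN dNSName is present and takes precedence; that is the case to check when a back-channel connection fails despite a plausible-looking CN.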

...