We got an CA certificate ( for server afds.xxxxxx.com )  from External and imported to our Microsoft  ADFS 2.0 server and follows the instruction Configure SAML 2.0: https://help.salesforce.com/articleView?id=identity_provider_examples_3p_adfs.htm
And it was working fine.

Now we wish to use a new CA wild card certificate ( *.xxxxxx.com ) for our server afds.xxxxxx.com. 
Can Sales force SAML 2.0 use this wild card certificate ( *.xxxxxx.com ) instead of destinated certifcate (afds.xxxxxx.com) for SAML SSO ?
Has anyone done this or is this possible ? 

We got the following error:
Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

We tried recreate another account, but once use this "xxxxx@xxxxxxx.com" in federation ID , we got the Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

Any one expericence the same ?

We got the following error:
Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

We tried recreate another account, but once use this "xxxxx@xxxxxxx.com" in federation ID , we got the Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

Any one expericence the same ?