SAML SP Signing Certificate Change to a Public Cert

Hi (my first post), I’m trying to integrate keycloak with an SAML IdP, loading IdPMetadata -> save all good but when I look at the SP Metadata I see the a selfSigned Certificate for the Realm (yes signing is needed), my question is how do I replace the with a Public Certificate? I’m running in kubernetes deployed using helm Keycloak v10 and I have HA postgresql StatefulSet.