What is the private key for SAML 2.0 app

I created a SAML 2.0 application and using Okta as Idp.
I downloaded the x.509 certificate and imported into my local keystore.
I have CAS 5.2 as the service provided on my local machine.
When I try to start tomcat in which CAS is deployed I get below exception;

org.pac4j.core.logout.NoLogoutActionBuilder@1ead9442 | authorizationGenerators: |]>
ava.lang.UnsupportedOperationException: trusted certificate entries are not password-protected
at java.security.KeyStoreSpi.engineGetEntry(Unknown Source) ~[?:1.8.0_151]
at sun.security.provider.KeyStoreDelegator.engineGetEntry(Unknown Source) ~[?:1.8.0_151]

How to add the certificate into my keystore with private key?