In case anyone stumbles across this post (no responses so far so that seems doubtful?). The problem was that the certificate needed to be added to the keystore, as covered in the following article:
The only thing that was inaccurate for my environment was that the certificate file on my install of tableau didn't have the .jks extension - it was just called "cacerts" not "cacerts.jks". So the final command was as follows...
keytool -importcert -file "c:\Program Files\Tableau\Tableau Server\SSL\my-identity-provider-certificate.cer" -keystore ../lib/security/cacerts -alias "my-identity-provider"
Hope that helps someone!
David, thanks for following up and giving us your solution!