Configure trust for search between two SharePoint Server farms

I am trying to setup a Federated Search between a SP2016 farm and SP2013 farm with the following setup as described here:

https://technet.microsoft.com/en-us/library/dn133749(v=office.16).aspx

 

Details:

Sending Farm: SP2013 farm running SSA

Receiving Farm: SP2016 farm running Cloud SSA (SPO result source set as default result source)

 

I run into issues executing the step:

 

New-SPTrustedRootAuthority -Name "SendingFarm" -MetadataEndPoint https://<SendingFarm_web_application>/_layouts/15/metadata/json/1/rootcertificate

PowerShell shows:

 

System.InvalidOperationException: The security token service metadata document could not be parsed.
at Microsoft.SharePoint.Administration.SPSecurityTokenServiceMetadataClient.Deserialize(String encodedMetadataDocument)
at Microsoft.SharePoint.Administration.SPSecurityTokenServiceMetadataClient.DownloadMetadata(Uri metadataEndpointUri)
at Microsoft.SharePoint.PowerShell.Util.SPSecurityTokenServiceMetadataCmdletUtil.ExtractRootCertificateFromMetadataEndPoint(Uri metadataEndPoint)
at Microsoft.SharePoint.PowerShell.SPCmdletNewTrustedRootAuthority.CreateDataObject()
at Microsoft.SharePoint.PowerShell.SPNewCmdletBase`1.InternalProcessRecord()
at Microsoft.SharePoint.PowerShell.SPCmdlet.ProcessRecord()

 

From ULS:

An error occurred while downloading and parsing the json metadata document. Exception: System.InvalidOperationException: The security token service metadata document could not be parsed.
at Microsoft.SharePoint.Administration.SPSecurityTokenServiceMetadataClient.Deserialize(String encodedMetadataDocument)
at Microsoft.SharePoint.Administration.SPSecurityTokenServiceMetadataClient.DownloadMetadata(Uri metadataEndpointUri)

 

I have directly accessed the metadata endpoint "https://<SendingFarm_web_application>/_layouts/15/metadata/json/1/rootcertificate" and I can see the JSON payload as expected.

 

 

Anybody have similar experience or can point to a possible cause what might be going wrong?