Same certification for different applications in a tenant


I have SPA and M2M applications in my account. Both applications have the same signing certificates. I assumed each application would have different certificate that I can use when validating JWT and determine whether it’s end-user access token or M2M token.

Are all applications in an account expected to have the same signing certificate?