Setup: You have a SharePoint farm with web applications configured to use a Trusted Identity Provider, in this case ADFS 2.0.

Problem: The token-signing certificate of the Trusted Identity Provider has expired (or has been rolled over) and SharePoint must be told about the new one; until then, SAML tokens from ADFS fail signature validation and users cannot sign in.


Run these commands in the SharePoint Management Shell on one server in the farm (the trust objects are farm-wide, so they do not need to be repeated on every server):

# Load the new ADFS token-signing certificate. Export it from ADFS as a public-key-only .cer;
# SharePoint never needs the private key.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\path_to_new_certificate.cer")

# Replace the certificate held under the matching trusted root authority so the farm trusts it.
Get-SPTrustedRootAuthority | ?{$_.Name -match "ADFS"} | Set-SPTrustedRootAuthority -Certificate $cert

# Point the trusted identity token issuer at the new certificate; incoming SAML tokens are verified against it.
Get-SPTrustedIdentityTokenIssuer | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $cert

Note: Replace ADFS in ?{$_.Name -match "ADFS"} with the name of your root authority in the SharePoint certificate store (Get-SPTrustedRootAuthority lists them). The third command updates every trusted identity token issuer in the farm; if you have more than one, filter it the same way (?{$_.Name -match "ADFS"}) so only the ADFS issuer is changed. Keep in mind that ADFS 2.0 rolls its token-signing certificate over automatically by default and SharePoint does not read the federation metadata, so you will repeat this procedure at the next rollover unless automatic certificate rollover is disabled in ADFS.
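The same procedure as a checked, end-to-end script: it inspects the new certificate before touching the farm, records which thumbprints are trusted today, performs the two updates against explicitly named objects instead of a pipeline match, and verifies the result by re-reading the trust objects. This is an added example, not code from the original post. The certificate path and the trust object names ("ADFS" for both the root authority and the token issuer) are assumptions; substitute your own.

```powershell
# Added example (not from the original post). Run in the SharePoint Management Shell.
# Assumptions: the new ADFS token-signing certificate was exported public-key-only to
# C:\certs\adfs-signing-new.cer, and both trust objects in SharePoint are named "ADFS".
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath   = "C:\certs\adfs-signing-new.cer"   # assumption
$rootName   = "ADFS"                             # Get-SPTrustedRootAuthority name, assumption
$issuerName = "ADFS"                             # Get-SPTrustedIdentityTokenIssuer name, assumption

# 1. Load the new certificate and sanity-check it before changing anything.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.HasPrivateKey) {
    throw "Export the public certificate (.cer) only; SharePoint must not hold the ADFS private key."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "The new certificate is already expired ($($cert.NotAfter)); export the current ADFS token-signing certificate."
}
Write-Host ("New certificate: {0}  thumbprint {1}  valid until {2}" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter)

# 2. Record what the farm trusts today, so the change can be verified and reverted if needed.
$root   = Get-SPTrustedRootAuthority -Identity $rootName
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
Write-Host ("Root authority '{0}' currently holds {1} (expires {2})" -f $root.Name, $root.Certificate.Thumbprint, $root.Certificate.NotAfter)
Write-Host ("Token issuer '{0}' currently verifies with {1} (expires {2})" -f $issuer.Name, $issuer.SigningCertificate.Thumbprint, $issuer.SigningCertificate.NotAfter)

# 3. Replace the certificate in both places. Both are required: the root authority entry makes
#    the certificate trusted by the farm, the token issuer entry is what each SAML token
#    signature is checked against. Naming the objects avoids touching any other trust.
Set-SPTrustedRootAuthority -Identity $root -Certificate $cert
Set-SPTrustedIdentityTokenIssuer -Identity $issuer -ImportTrustCertificate $cert

# 4. Verify by re-reading the objects and comparing thumbprints with the certificate we loaded.
$root   = Get-SPTrustedRootAuthority -Identity $rootName
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
if ($root.Certificate.Thumbprint -ne $cert.Thumbprint -or $issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Thumbprint mismatch after update: root={0} issuer={1} expected={2}" -f `
        $root.Certificate.Thumbprint, $issuer.SigningCertificate.Thumbprint, $cert.Thumbprint
}
Write-Host "Trusted identity provider now uses thumbprint $($cert.Thumbprint); test a sign-in through ADFS to confirm."
```

Compare the thumbprint printed in step 1 with the one shown for the token-signing certificate in the ADFS console (Service > Certificates) before running the script; if they differ you have exported the wrong certificate (for example the token-decrypting or service communications certificate) and the sign-in failure will persist after the update.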
