Setup: You have a SharePoint farm with web applications configured to use a Trusted Identity Provider (ADFS 2.0).
Problem: The token-signing certificate of the Trusted Identity Provider has expired and you need to replace it in SharePoint.
Solution:
Run these commands in the SharePoint Management Shell on a SharePoint server:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\path_to_new_certificate.cer")
Get-SPTrustedRootAuthority | ?{$_.Name -match "ADFS"} | Set-SPTrustedRootAuthority -Certificate $cert
Get-SPTrustedIdentityTokenIssuer | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $cert
Note: Replace ADFS in ?{$_.Name -match "ADFS"} with the name of your root authority in the SharePoint certificate store.
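The same replacement with the checks a practitioner would want around it, as an added example that is not part of the original post: it refuses a certificate that carries a private key or is outside its validity period, shows the thumbprint currently trusted next to the new one, and confirms after the update that SharePoint reports the new thumbprint. It assumes the SharePoint Management Shell, a single Trusted Identity Provider in the farm, a placeholder path for the .cer file, and that the root authority's name contains "ADFS".

```powershell
# Added example, not the original post's code. Assumes the SharePoint cmdlets are loaded,
# one Trusted Identity Provider is registered, and the root authority name matches "ADFS".
$certPath = "C:\certs\adfs-token-signing.cer"   # placeholder: exported ADFS token-signing cert
$rootAuthorityPattern = "ADFS"

$newCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# 1. Sanity checks on the file: public part only, and valid today.
if ($newCert.HasPrivateKey) {
    throw "Import the public certificate (.cer) only; SharePoint does not need the ADFS private key."
}
$now = Get-Date
if ($now -lt $newCert.NotBefore -or $now -gt $newCert.NotAfter) {
    throw "Certificate is not valid today (NotBefore=$($newCert.NotBefore), NotAfter=$($newCert.NotAfter))."
}

# 2. Compare with what SharePoint trusts right now, so the swap is deliberate.
$issuer = Get-SPTrustedIdentityTokenIssuer | Select-Object -First 1
Write-Host ("Current signing cert: {0} expires {1}" -f $issuer.SigningCertificate.Thumbprint, $issuer.SigningCertificate.NotAfter)
Write-Host ("New signing cert:     {0} expires {1}" -f $newCert.Thumbprint, $newCert.NotAfter)
if ($issuer.SigningCertificate.Thumbprint -eq $newCert.Thumbprint) {
    Write-Host "SharePoint already trusts this certificate; nothing to do."
    return
}

# 3. Replace the certificate in both places SharePoint keeps it.
Get-SPTrustedRootAuthority | Where-Object { $_.Name -match $rootAuthorityPattern } |
    Set-SPTrustedRootAuthority -Certificate $newCert
$issuer | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $newCert

# 4. Verify the farm now reports the new thumbprint for this issuer.
$after = Get-SPTrustedIdentityTokenIssuer | Where-Object { $_.Name -eq $issuer.Name }
if ($after.SigningCertificate.Thumbprint -ne $newCert.Thumbprint) {
    throw "Update did not take effect; SharePoint still reports $($after.SigningCertificate.Thumbprint)."
}
Write-Host "Trusted identity provider '$($issuer.Name)' now uses thumbprint $($newCert.Thumbprint)."
```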