If you use ADFS or some other form of federated identity with SharePoint, you will eventually need to update the certificate you have installed. This is because SharePoint keeps its own copy of the identity provider's public token-signing certificate and uses it to verify the signatures on incoming SAML claims tokens, so when that certificate is rolled over on the ADFS side, SharePoint's copy must be replaced too. Thankfully it's reasonably painless and requires no downtime for SharePoint.
Here’s a script I’ve used to get this job done quickly and painlessly.
# Load the SharePoint cmdlets (needed when running from a plain PowerShell window)
Add-PSSnapIn Microsoft.SharePoint.PowerShell
# Load the new public certificate (.cer) from the current directory
$cwd = Resolve-Path .
$certPath = Join-Path $cwd "NewCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$certPath")
# Replace the certificate held by the trusted root authority
Get-SPTrustedRootAuthority "Trusted Root Authority Name" | Set-SPTrustedRootAuthority -Certificate $cert
# Point the trusted identity token issuer at the same new signing certificate
Set-SPTrustedIdentityTokenIssuer -Identity "Trusted Token Issuer Name" -ImportTrustCertificate $cert
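As an added, check-first version of the same procedure (this is not the original post's script), the following validates the .cer file before touching SharePoint, refuses to proceed if it is the certificate already configured, and re-reads both objects afterwards to confirm they hold the new thumbprint. The issuer and root authority names are assumed placeholders to be replaced with your own.

```powershell
# Added example: certificate swap with pre-flight and post-update checks.
# The two names below are assumed placeholders, not values from the original post.
Add-PSSnapIn Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath   = Join-Path (Resolve-Path .) "NewCert.cer"
$issuerName = "Trusted Token Issuer Name"    # assumed placeholder
$rootName   = "Trusted Root Authority Name"  # assumed placeholder

$newCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# 1. Sanity-check the file: a .cer should carry only the public key and must be
#    inside its validity window, otherwise token verification will start failing.
if ($newCert.HasPrivateKey) {
    throw "Expected a public certificate (.cer) but the file contains a private key."
}
$now = Get-Date
if ($now -lt $newCert.NotBefore -or $now -gt $newCert.NotAfter) {
    throw "Certificate is outside its validity period ($($newCert.NotBefore) to $($newCert.NotAfter))."
}

# 2. Compare against what SharePoint currently trusts for this issuer.
$issuer  = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
$current = $issuer.SigningCertificate
Write-Host ("Currently trusted: {0} (expires {1})" -f $current.Thumbprint, $current.NotAfter)
Write-Host ("New certificate:   {0} (expires {1})" -f $newCert.Thumbprint, $newCert.NotAfter)
if ($current.Thumbprint -eq $newCert.Thumbprint) {
    Write-Warning "The new certificate matches the one already configured; nothing to do."
    return
}

# 3. Apply the update (the same two cmdlets as the script above).
Get-SPTrustedRootAuthority -Identity $rootName | Set-SPTrustedRootAuthority -Certificate $newCert
Set-SPTrustedIdentityTokenIssuer -Identity $issuerName -ImportTrustCertificate $newCert

# 4. Re-read the configuration and confirm both places now hold the new thumbprint.
$issuerAfter = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
$rootAfter   = Get-SPTrustedRootAuthority -Identity $rootName
$checks = @(
    @{ Name = "token issuer";   Cert = $issuerAfter.SigningCertificate },
    @{ Name = "root authority"; Cert = $rootAfter.Certificate }
)
foreach ($c in $checks) {
    if ($c.Cert.Thumbprint -ne $newCert.Thumbprint) {
        throw "The $($c.Name) still holds thumbprint $($c.Cert.Thumbprint), expected $($newCert.Thumbprint)."
    }
}
Write-Host "Both the root authority and the token issuer now trust $($newCert.Thumbprint)."
```

Run it from the directory containing NewCert.cer on a SharePoint server as a farm administrator; if ADFS has automatic certificate rollover enabled, schedule this for each rollover so SharePoint's copy never lags behind.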
