If you use ADFS or some form of federated identity in SharePoint eventually you’re likely to need to update the certificate you have installed. This is because SharePoint holds a copy of the public certificate to verify the incoming SAML Claims tokens. Thankfully it’s reasonably painless and requires no downtime for SharePoint.
Here’s a script I’ve used to get this job done quickly and painlessly.
# Load the SharePoint cmdlets (run from an elevated shell as a farm administrator)
Add-PSSnapin Microsoft.SharePoint.PowerShell

# Path to the new public certificate (.cer) in the current directory
$cwd = Resolve-Path .
$certPath = Join-Path $cwd "NewCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$certPath")

# Replace the certificate held by the trusted root authority
Get-SPTrustedRootAuthority "Trusted Root Authority Name" | Set-SPTrustedRootAuthority -Certificate $cert

# Replace the signing certificate on the trusted identity token issuer so incoming SAML tokens verify
Set-SPTrustedIdentityTokenIssuer -Identity "Trusted Token Issuer Name" -ImportTrustCertificate $cert
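A check to run before and after the script above, added here as an example and not part of the original post: it refuses a certificate file that is close to expiry, then compares the thumbprint of NewCert.cer with what the farm's trusted root authority and token issuer currently hold, so you can confirm the swap actually took effect. It assumes the same file name and the same "Trusted Root Authority Name" / "Trusted Token Issuer Name" placeholders as the post's script.

```powershell
# Added verification example (not the original post's code). Assumes NewCert.cer
# in the current directory and the placeholder authority/issuer names from the post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath = Join-Path (Resolve-Path .) "NewCert.cer"
$newCert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Do not trust a certificate that is expired or expires within 30 days (assumed threshold)
if ($newCert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "NewCert.cer expires on $($newCert.NotAfter); refusing to use it."
}

$rootAuth = Get-SPTrustedRootAuthority -Identity "Trusted Root Authority Name"
$issuer   = Get-SPTrustedIdentityTokenIssuer -Identity "Trusted Token Issuer Name"

# Thumbprints are what to compare: the subject name usually stays the same across a rollover
$report = [ordered]@{
    'New cert thumbprint'              = $newCert.Thumbprint
    'New cert expires'                 = $newCert.NotAfter
    'Trusted root authority thumbprint'= $rootAuth.Certificate.Thumbprint
    'Root authority matches new cert'  = ($rootAuth.Certificate.Thumbprint -eq $newCert.Thumbprint)
    'Token issuer signing thumbprint'  = $issuer.SigningCertificate.Thumbprint
    'Token issuer matches new cert'    = ($issuer.SigningCertificate.Thumbprint -eq $newCert.Thumbprint)
}
[pscustomobject]$report | Format-List
```

Run it once before the update to see that both "matches" values are False (the farm still holds the old certificate) and once afterwards to see them turn True; if either stays False after the update, the wrong authority or issuer name was used and tokens signed with the new certificate will be rejected.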