For those of you who are still running Active Directory Federation Services 2.0 and whose Token-decrypting and Token-signing certificates are about to expire: if you have the default settings, a new certificate is automatically generated 20 days before each certificate expires. You can renew it 20 days before, and you can do this manually:
Update-MsolFederatedDomain -DomainName <domain name>
But Microsoft has a great script that creates a scheduled task, running once a day, that will switch them over automatically.
For those who are using relying-party trusts like Yammer: you will need to export the public key portion of a token-signing certificate and attach it to a service request, and this should be done no less than 14 days before the switch-over date. I heard this process may change and will keep you updated. The exporting process is listed below:
To export the public key portion of a token-signing certificate
- Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
- Right-click Federation Service, and then click Properties.
- On the General tab, under Token-signing certificate, click View.
- In the Certificate dialog box, click the Details tab.
- On the Details tab, click Copy to File.
- On the Welcome to the Certificate Export Wizard page, click Next.
- On the Export Private Key page, make sure that No, do not export the private key is selected, and then click Next.
- On the Export File Format page, select DER encoded binary X.509 (.CER), and then click Next.
- On the File to Export page, specify the certificate file in File name, and then click Next.
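The same check and export can be scripted on the federation server. This is an added example, not part of the original post and not the Microsoft script mentioned above; it assumes the AD FS 2.0 PowerShell snap-in is installed and uses a hypothetical output folder, C:\Temp\adfs-certs.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$OutDir = 'C:\Temp\adfs-certs'   # hypothetical output folder (assumption)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Rollover settings: with the defaults, AutoCertificateRollover is True and
# CertificateGenerationThreshold is 20 (days before expiry).
Get-ADFSProperties | Select-Object AutoCertificateRollover, CertificateGenerationThreshold

$certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    foreach ($entry in (Get-ADFSCertificate -CertificateType $type)) {
        $cert     = $entry.Certificate
        $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

        # One line per certificate: during rollover there is a primary (current)
        # and a secondary (newly generated) certificate of each type.
        '{0,-17} primary={1,-5} expires={2:yyyy-MM-dd} ({3} days) thumbprint={4}' -f `
            $type, $entry.IsPrimary, $cert.NotAfter, $daysLeft, $cert.Thumbprint

        if ($type -eq 'Token-Signing') {
            # ContentType 'Cert' is DER-encoded X.509 (.CER) and carries only the
            # public key, matching "No, do not export the private key" in the wizard.
            $path = Join-Path $OutDir ('token-signing-{0}.cer' -f $cert.Thumbprint)
            [System.IO.File]::WriteAllBytes($path, $cert.Export($certType))

            # Re-read the file and confirm it is the same certificate without a private key.
            $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
            if ($check.HasPrivateKey -or $check.Thumbprint -ne $cert.Thumbprint) {
                throw "Export check failed for $path"
            }
            "  exported public certificate to $path"
        }
    }
}
```

The .cer file for the token-signing entry with primary=False is the newly generated certificate that the relying party needs before the switch-over.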