Recently, I got a chance to renew certificates on Active Directory Federation Services (ADFS) servers. I read lot of articles, but doing it in production is totally different. Hence, I am sharing all steps; I performed to successfully renew/replace the Service Communications, Token-Signing, and Token-Decrypting Certificates.
I had four ADFS servers: Two ADFS Proxy in the DMZ and Two ADFS Main Server in a farm with a SQL back-end database.
Step 1. Request New Certificate.
Generate a new certificate request with same primary key from Primary ADFS Server in your farm. You can use IIS or Certificate snap-in to generate the new certificate request.
Note: You also need root and intermediate certificate.
Step 2. Import New Certificate in Certificate Store.
Import New Certificate into Certificate Store on ADFS Primary server with Private Key.