one of your on-premises federation service certification is expiring update now

The popup usually shows up several weeks in advance (60 days if I remember correctly), so you have plenty of time to plan. In your case, auto-certificate rollover will take care of replacing the cert. In case you are not using the same cert as the SSL communications cert, your only job is to make sure the metadata is updated after the change happens. You can automate this part by settings up a scheduled task as detailed here: https://gallery.technet.microsoft.com/scriptcenter/Office-365-Federation-27410bdc

If you are using the same cert as token signing and SSL comm, you need to plan for replacing it on the AD FS server, Proxy/WAP servers any LBs, etc. Here are the relevant articles:

for AD FS 2.0/2.1 http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx
for AD FS 3.0 http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2013/11/13/replace-certificates-on-adfs-3-0.aspx

Hi Vasil,

In my case the AutoCertificateRollover is True, so will it take care of the replacement of cert. If so how many days before the expiry date certificate is updated.

Also how do I know if my server is ADFS 2.x or 3.0.

Thanks you.

Excellent Vasil.

We have 25 days expiry date so hopefully the federation service will take care of the certificates automatically after 5 days without our involvement.

Thank you so much for taking time. Much Appreciated.

I got an apt solution from the expert. Thank you.