Open the AD FS 2.0 Management tool, then click Start > Administrative Tools > AD FS 2.0 Management.
In the left pane, expand the Service folder and click Certificates.
In the Certificates section, select Add Token-Decrypting Certificate.
(Conditional) If you see an error prompting you to run certain commands during the token-decrypting process, run the following PowerShell commands:
Add-PSSnapin Microsoft.Adfs.PowerShell
Set-ADFSProperties -AutoCertificateRollover $false
These commands allow you to select other certificates. The certificate must be installed on the server. The certificates are configured on the IIS Manager.
Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
Click ServerName.
Click Server Certificates in the IIS section.
In Windows, Start > Run > mmc.
Attach snapshot certificates as service.
Select AD FS.
Import the CA certificate to trusted authorities.
In the Event Viewer, click Applications > AD FS. You can access the troubleshooting help at “Troubleshooting certificate problems with AD FS 2.0” http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-certificate-problems%28WS.10%29.aspx.
Power Shell Commands Help:
Using Windows PowerShell for AD FS2.0 http://technet.microsoft.com/en-us/library/adfs2-help-using-windows-powershell%28WS.10%29.aspx
AD FS 2.0 for Windows PowerShell Examples http://technet.microsoft.com/en-us/library/adfs2-powershell-examples%28WS.10%29.aspx