Export a Signing Certificate from AD FS

Perform this procedure on the AD FS administration console.

  1. Log into the AD FS server and then click Administrative Tools->ADFS Management

    The AD FS window appears.

  2. Click Service to open the Service Snap-in.

    The available devices appear.

  3. Click on Certificates under Service.

    The Certificates pane showing all available certificates appears.

  4. Select the certificate under Token-Signing in the Certificates Pane.

    The certificate folder appears.

  5. Click the Copy to File option in the Details tab of the Certificate window. This launches the Certificate Export Wizard.
  6. Click Next in the Welcome to the Certificate Export Wizard window.
  7. At the prompt to choose the file format in which the certificate is to be exported, select the "Base64 encoded X.509 (.CER)" option and then click Next.
  8. At the prompt to select the location where the token signing certificate is to be saved, specify a file name that will help you and others at your site identify the certificate. For example, "ADFS" might be a useful name for the certificate.
  9. At the prompt, verify that the file type is "Base 64 Encoded (.cer)" and then click Save.

    The Certificate Export Wizard window displays the File Name and location specified. Verify that the file path specified is correct.

  10. Click Next to proceed with exporting.
  11. Click Finish. The certificate export wizard window displays the message, "The export was successful." Click OK.
  12. Click OK again to close out the wizard.