How to Replace ADFS 2.0 Token Signing and decryption ... Hot social.technet.microsoft.com 1: Add new token signing certificate to ADFS, using GUI. 2: Change the token signing certificate in SharePoint trusted certificate configuration . 3: Switch the new certificate to primary . I will show you in the following steps how you can update the ADFS and WAP servers from 1 server. I assume that you are using ADFS on a Windows 2016 server. If this is not the case, you must also install the certificate on the secondary ADFS server. I assume in all steps that you have medior knowledge of Certificates, ADFS, and WAP.