Wednesday, February 13, 2013

Configure Certificate Trust Between SharePoint 2013 Farms

 

1. Exporting and copying certificates from the consuming and publishing farms using PowerShell

1.1 To export the root certificate from the consuming farm

$rootCert = (Get-SPCertificateAuthority).RootCertificate

$rootCert.Export("Cert") | Set-Content <C:\ConsumingFarmRoot.cer> -Encoding byte

(<C:\ConsumingFarmRoot.cer> is the path of the root certificate)

1.2 To export the STS certificate from the consuming farm

$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate

$stsCert.Export("Cert") | Set-Content <C:\ConsumingFarmSTS.cer> -Encoding byte

(<C:\ConsumingFarmSTS.cer> is the path of the STS certificate)

1.3 To export the root certificate from the publishing farm

$rootCert = (Get-SPCertificateAuthority).RootCertificate

$rootCert.Export("Cert") | Set-Content <C:\PublishingFarmRoot.cer> -Encoding byte

(<C:\PublishingFarmRoot.cer> is the path of the root certificate)

 

2. Establishing trust on the consuming and publishing farms using PowerShell

Managing trust certificates in a farm involves establishing trust. This section describes how to establish trust on both the consuming and publishing farms by using Windows PowerShell 3.0 commands.

Establishing trust on the consuming farm

2.1 To import the root certificate and create a trusted root authority on the consuming farm

$trustCert = Get-PfxCertificate <C:\PublishingFarmRoot.cer>

New-SPTrustedRootAuthority <PublishingFarm> -Certificate $trustCert

(<C:\PublishingFarmRoot.cer> is the path of the root certificate that you copied to the consuming farm from the publishing farm.

<PublishingFarm> is a unique name that identifies the publishing farm. Each trusted root authority must have a unique name.)

Establishing trust on the publishing farm

2.2 To import the root certificate and create a trusted root authority on the publishing farm

$trustCert = Get-PfxCertificate <C:\ConsumingFarmRoot.cer>

New-SPTrustedRootAuthority <ConsumingFarm> -Certificate $trustCert

(<C:\ConsumingFarmRoot.cer> is the name and location of the root certificate that you copied to the publishing farm from the consuming farm.

<ConsumingFarm> is a unique name that identifies the consuming farm. Each trusted root authority must have a unique name.)

2.3 To import the STS certificate and create a trusted service token issuer on the publishing farm

$stsCert = Get-PfxCertificate <C:\ConsumingFarmSTS.cer>

New-SPTrustedServiceTokenIssuer <ConsumingFarm> -Certificate $stsCert

(<C:\ConsumingFarmSTS.cer> is the path of the STS certificate that you copied to the publishing farm from the consuming farm.

<ConsumingFarm> is a unique name that identifies the consuming farm. Each trusted service token issuer must have a unique name.)
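A check to run on the publishing farm before steps 2.2 and 2.3, as an added example that is not part of the original post: it confirms that each copied .cer file is the certificate the consuming farm actually exported before any trust is created. The function name Assert-FarmCertificate, the literal file paths and the thumbprint placeholders are assumptions; read the real thumbprints on the consuming farm and pass them over a separate channel from the files.

```powershell
# Added example: verify a copied farm certificate before trusting it.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Assert-FarmCertificate {   # hypothetical helper, not a SharePoint cmdlet
    param(
        [Parameter(Mandatory=$true)][string]$Path,               # copied .cer file
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint  # read on the source farm
    )
    $cert = Get-PfxCertificate $Path
    # Drop spaces and invisible characters that come along when a thumbprint
    # is pasted from a certificate dialog, then compare case-insensitively.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint.ToUpperInvariant() -ne $expected) {
        throw "Thumbprint mismatch for $Path (file has $($cert.Thumbprint))"
    }
    # Reject a certificate that is not yet valid or has expired.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate in $Path is outside its validity period"
    }
    return $cert
}

# Thumbprints below are placeholders. Obtain the real values on the consuming farm:
#   (Get-SPCertificateAuthority).RootCertificate.Thumbprint
#   (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate.Thumbprint
$name     = 'ConsumingFarm'
$rootCert = Assert-FarmCertificate 'C:\ConsumingFarmRoot.cer' '<ROOT-THUMBPRINT-PLACEHOLDER>'
$stsCert  = Assert-FarmCertificate 'C:\ConsumingFarmSTS.cer'  '<STS-THUMBPRINT-PLACEHOLDER>'

# Each trusted root authority must have a unique name, so stop if it is taken.
if (Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $name }) {
    throw "A trusted root authority named $name already exists"
}

# Both files matched their expected thumbprints; create the trust (steps 2.2 and 2.3).
New-SPTrustedRootAuthority $name -Certificate $rootCert
New-SPTrustedServiceTokenIssuer $name -Certificate $stsCert
```

With the placeholders left in place the script stops at the first thumbprint comparison, so nothing is trusted until real values are supplied.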