Exporting the Certificates

  1. Export the token signing certificate from Access Manager.

    1. In Administration Console, click Devices > Identity Servers > Edit > Security.

    2. Under Keystores, click Signing.

    3. Under Certificates, click the certificate.

    4. Click Export Public Certificate, select DER File, and save the file.

    5. Make a note of where you saved the certificate, and copy the file to SharePoint Server for later reference.

    6. Import this signing certificate into Internet Explorer on SharePoint Server, and export it in the DER format.

  2. Export the root certificate (and intermediate certificates, if they exist) if it is different from the token signing certificate.

    1. Click Devices > Identity Servers > Edit > Security.

    2. Click NIDP Trust Store and select the required trusted root.

    3. Click Export Public Certificate, select DER File, and save the file.

    4. Make a note of the name and location of the file.

    5. Import this trusted root certificate and the intermediate certificates into Internet Explorer on SharePoint Server, and then export them in the DER format.

  3. Export the server certificate from SharePoint Server.

    1. Open IIS Manager by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.

    2. Under Connections, select your server’s hostname and double-click Server Certificates.

    3. Export the server and trusted root certificates by highlighting the appropriate server and trusted root certificate and clicking View > Details > Copy to File > Next.

    4. While exporting the server certificate, keep the default value No, do not export the private key.

    5. Click Next. Keep the default format DER encoded binary X.509.

    6. Specify the name and location for the exported certificates and click Next > Finish > OK.

    7. Make a note of the name and location of the exported certificates. These certificates are used while configuring the service provider in Access Manager.
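
To confirm the exports before configuring trust, the following PowerShell, run on SharePoint Server, checks that each file is DER encoded, carries no private key, and that the token signing certificate chains to the exported root. It is an added example, not part of the product documentation; the file paths and the Get-ExportedCert helper name are placeholders chosen for illustration.

```powershell
# Added example. Paths are placeholders (assumptions); point them at your exports.
$signingPath = 'C:\certs\nam-signing.cer'          # token signing certificate
$caPaths     = @('C:\certs\nam-root.cer')          # trusted root, plus any intermediates
$serverPath  = 'C:\certs\sharepoint-server.cer'    # SharePoint server certificate

function Get-ExportedCert {
    param([Parameter(Mandatory = $true)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # DER starts with an ASN.1 SEQUENCE tag (0x30); a Base64/PEM export does not.
    if ($bytes.Length -eq 0 -or $bytes[0] -ne 0x30) {
        throw "$Path is not DER encoded."
    }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    # A PKCS#12 file also starts with 0x30, so confirm no private key came along.
    if ($cert.HasPrivateKey) {
        throw "$Path contains a private key; export the public certificate only."
    }
    $cert
}

$signing = Get-ExportedCert $signingPath
$cas     = @($caPaths | ForEach-Object { Get-ExportedCert $_ })
$server  = Get-ExportedCert $serverPath

# Record these values and compare them with what each console shows.
@($signing) + $cas + @($server) |
    Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-List

# Build the signing certificate's chain, offering the exported CA files as candidates.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
foreach ($ca in $cas) { [void]$chain.ChainPolicy.ExtraStore.Add($ca) }
[void]$chain.Build($signing)

$top          = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$caThumbprint = @($cas | ForEach-Object { $_.Thumbprint })
if ($signing.Subject -eq $signing.Issuer) {
    'Signing certificate is self-signed; no separate root export is needed.'
} elseif ($top.Subject -eq $top.Issuer -and $caThumbprint -contains $top.Thumbprint) {
    "Chain ends at exported root: $($top.Subject)"
} else {
    Write-Warning "Chain stops at '$($top.Subject)'; a root or intermediate export is missing."
}
```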