I know this has been a pain of varying magnitudes for folks over the last couple of years, so I thought I would share some nice PowerShell I stumbled upon recently. It allows you to export the token signing certificate of the local SharePoint farm’s STS. You can then use this for things like getting the thumbprint to use when setting up a federated trust with a WCF endpoint, etc. To get the cert saved locally, just use these two PowerShell commands:
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export("Cert") | Set-Content "C:\STS.cer" -Encoding byte
That exports the certificate into a file on your C:\ drive called STS.cer.
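To read the thumbprint back from the exported file and confirm it matches what the farm's STS is signing with, a check like the following can be run in the SharePoint Management Shell. This is an added example, not part of the original post; it assumes the C:\STS.cer path used above, and the SHA-256 fingerprint and expiry fields are additions for convenience.

```powershell
# Added example: verify the exported STS certificate and read its thumbprint.
# Assumes the export above has already written C:\STS.cer.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$path    = 'C:\STS.cer'
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate

# Load the file from disk rather than trusting the in-memory object,
# so the check covers what will actually be handed to the relying party.
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# The file must be the same certificate the STS signs with.
if ($exported.Thumbprint -ne $stsCert.Thumbprint) {
    throw "Exported file does not match the farm's token signing certificate."
}

# The "Cert" content type carries only the public certificate.
# A private key here would mean the wrong export format was used.
if ($exported.HasPrivateKey) {
    throw "Exported file unexpectedly contains a private key."
}

# Thumbprint is the SHA-1 hash of the DER bytes; compute SHA-256 as well
# for endpoints or documentation that record the stronger fingerprint.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
try {
    $hash = $sha256.ComputeHash($exported.RawData)
} finally {
    $sha256.Dispose()
}

[pscustomobject]@{
    Subject    = $exported.Subject
    Thumbprint = $exported.Thumbprint
    Sha256     = [System.BitConverter]::ToString($hash) -replace '-', ''
    NotAfter   = $exported.NotAfter
    DaysLeft   = [int]($exported.NotAfter - (Get-Date)).TotalDays
}
```

The `Thumbprint` value is the one to paste into the federated trust configuration; `DaysLeft` shows how long that trust will hold before the certificate expires and the thumbprint has to be updated.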