We're using AD FS 2.0 on Server 2008 R2 and are currently using certificates issued from our internal CA for Service Communications and Token-signing. I'm pretty inexperienced with internal PKI, so I was wondering if AutoCertificateRollover, for our AD FS environment, should be set to True or False. Will the internal CA generate new certs when they get close to their expiration dates?
Thanks!