we need to export ADFS token signing and token decrypting certificate with private key
but when we do it export /copy do not get option to export keys
Do you mean the self-signed certificates which are automatically generated? Why would you export them?
You don't need them when you upgrade the farm as you upgrade by adding new nodes to an existing farm.
They are in the backup when you use ADFS Rapid Restore and got restored with the same tool.
You don't need them to create a trust neither with an IDP nor an SP.
So I am curious :)
Yes the self signed certficates which are auto rollover.
there is a reason for exporting it, please let me if it is possible?
we are building the test environment with the same ADFS farm, by taking vm snapshot
The test environment could have a different cert then, if it has a different name, a different AD etc... And if that's the same "cloned" AD environment then just the snapshot you do will have the cert in it (although that's also not a supported way to backup/restore ADFS, recommendation for backup/restore is to use the Rapid Restore tool).
Anyhow, I am afraid that doesn't seem to be a good reason. Besides, test environments are also usually not secured the same way as the production environments (more admins, no restrictions, no monitoring, etc...). So putting the actual keys in dev would considerably decrease your overall security posture.
If the intent of the test environment is to create test relying party trusts (for example to check claim rules or access policies), you can do create a test RP with the Claim X-Ray.
let me explain more in detail
we have ADFS servers in two data-center A & B on different region which load balanced with GTM.
we are planning to re-build the ADFS servers on one region.
DB server will get replicated from B , once we rebuild A.
however the challenge is the certificate for ADFS servers on region A.
6 people are following this question.