The following is from http://www.interactivewebs.com/blog/index.php/server-tips/ad-fs-certificate-rollover-crm-2011/

The Fix

Basically the certificate automatically rolls over to a new one and ADFS won’t authenticate any more. Here are the steps that seem to fix this issue:

1. Open windows Powershell as administrator (right click runas)
2. Run the following commands:
3. add-pssnapin Microsoft.adfs.powershell
4. set-adfsproperties -autocertificaterollover $true
5. update-adfscertificate -urgent
6. Run the CRM deployment manager
   
7. Run through Configure Claims-Based Authentication Wizard (no changes)
8. Run through Configure Internet-Facing Deployment Wizard (no changes)
9. Restart the adfs service
   From a Command Prompt “cmd” Type
   net stop adfssrv
   then
   net start adfssrv
10. Restart the Microsoft Asynchronous processing service
    From Services Windows
    Click the Restart Icon while the Service is selected
    
11. run an iisreset from the elevated command prompt
    Start RUN “cmd”
    iisreset