1. Generate a JKS keystore file and save it with the name sso-keystore.jks.

2. Export the public part of the certificate from sso-keystore.jks and save it with the name thingworx.cer. This file will be the ThingWorx signing certificate.

3. To import the ThingWorx signing certificate, open AD FS and click Relying Party Trusts in the left menu.

4. Select the Relying Party Trust you created in the Add Relying Party Trusts procedure. Right click on the selected trust and click Properties.

5. In the Properties window, select the Signature tab and click Add.

6. Add the ThingWorx signing certificate that you previously exported from the sso-keystore.jks.

7. Click Apply and OK.