Hello @Geeaz ,
Thank you for reaching out. The certificates (AsymmetricX509Cert) have to be renewed manually, but before the cert expires you would receive a notification email updating you about the cert's expiration date.
You can check the following article for configuring the notification email; it also has the steps for renewing the certificate: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on#add-email-notification-addresses-for-certificate-expiration
The following article is also worth checking out, as it covers managing the SSO certs in Azure AD: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on
You can also renew the cert with PowerShell, as shown below:
# Create a new AsymmetricX509Cert (self-signed, private key kept in the local machine store)
$RunAsCert = New-SelfSignedCertificate -DnsName SAMLTestkey -CertStoreLocation cert:\LocalMachine\My -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter (Get-Date).AddMonths(12) -HashAlgorithm SHA256
# Convert the raw (public, DER-encoded) AsymmetricX509Cert to base64
$keyValue = [System.Convert]::ToBase64String($RunAsCert.GetRawCertData())
# Add the AsymmetricX509Cert to the Enterprise Application's service principal
New-MsolServicePrincipalCredential -ObjectId <Object ID of SPN> -Value $keyValue -Type Asymmetric
Hope this helps.
Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.
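The following is an added example that is not part of the answer above or of Microsoft's own documentation. It wraps the same three steps (self-signed cert, base64 of the public DER bytes, New-MsolServicePrincipalCredential) into a small rollover routine and adds what an operator usually wants around them: an expiry audit across all service principals, and a separate cleanup step so the old credential is only removed after the application side has been switched to the new certificate. It assumes the MSOnline module is installed and Connect-MsolService has already been run; the function names, the 30-day threshold and the `<Object ID of SPN>` / `<old KeyId>` placeholders are this example's own.

```powershell
# Added example (not from the original answer): audit AsymmetricX509Cert
# credentials on service principals and roll a new certificate onto one of
# them while keeping the old credential in place for a cutover window.
# Assumes: MSOnline module installed and Connect-MsolService already run.

function Get-ExpiringSpCertificates {
    param(
        [int]$WithinDays = 30   # assumed threshold; align with your notification policy
    )
    $cutoff = (Get-Date).AddDays($WithinDays)
    foreach ($sp in Get-MsolServicePrincipal -All) {
        # -ReturnKeyValues $false: we only need metadata, not the key material
        $creds = Get-MsolServicePrincipalCredential -ObjectId $sp.ObjectId -ReturnKeyValues $false |
            Where-Object { $_.Type -eq 'Asymmetric' }
        foreach ($cred in $creds) {
            if ($cred.EndDate -le $cutoff) {
                [pscustomobject]@{
                    DisplayName = $sp.DisplayName
                    ObjectId    = $sp.ObjectId
                    KeyId       = $cred.KeyId
                    Usage       = $cred.Usage
                    EndDate     = $cred.EndDate
                    Expired     = ($cred.EndDate -lt (Get-Date))
                }
            }
        }
    }
}

function New-SpCertificateCredential {
    param(
        [Parameter(Mandatory)][string]$ObjectId,   # object ID of the service principal
        [string]$DnsName = 'SAMLTestkey',          # subject name, same as in the answer
        [int]$ValidMonths = 12
    )
    # Same certificate creation as the answer; the private key never leaves this host.
    $cert = New-SelfSignedCertificate -DnsName $DnsName `
        -CertStoreLocation cert:\LocalMachine\My `
        -KeyExportPolicy Exportable `
        -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
        -NotAfter (Get-Date).AddMonths($ValidMonths) `
        -HashAlgorithm SHA256

    # GetRawCertData() is the public certificate only (DER); that is all that is uploaded.
    $keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())

    # Register the new credential next to the existing one(s). Validity is pinned to the
    # certificate's own dates so the directory entry and the cert expire together.
    New-MsolServicePrincipalCredential -ObjectId $ObjectId -Value $keyValue -Type Asymmetric `
        -StartDate $cert.NotBefore -EndDate $cert.NotAfter

    return $cert   # caller exports/publishes the public cert to the application side
}

function Remove-SpCertificateCredential {
    param(
        [Parameter(Mandatory)][string]$ObjectId,
        [Parameter(Mandatory)][guid]$KeyId      # KeyId of the OLD credential, from the audit above
    )
    # Run only after the federated application has been confirmed working on the new cert.
    Remove-MsolServicePrincipalCredential -ObjectId $ObjectId -KeyIds $KeyId
}

# Usage (after Connect-MsolService):
#   Get-ExpiringSpCertificates -WithinDays 30 | Format-Table
#   $new = New-SpCertificateCredential -ObjectId '<Object ID of SPN>'
#   # publish $new's public cert on the application side, verify sign-in, then:
#   Remove-SpCertificateCredential -ObjectId '<Object ID of SPN>' -KeyId '<old KeyId>'
```

The split into add, verify, then remove is deliberate: a service principal can hold several Asymmetric credentials at once, so the new certificate can be registered and tested while the old one still works, and the old KeyId reported by the audit is what you remove once the cutover is confirmed.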