I can't find an answer to this, so I'm hoping you good people will know. I'm about to install ADFS into Production including a Web Application Proxy in the DMZ. When WAP is joined to a farm or a single ADFS server, it generates a self-signed certificate and this is copied into the AdfsTrustedDevices certificate store on the ADFS server. In the test environment, I've noticed that the certificate only has a life span of 5 days, so I'm assuming that the WAP server will generate a new certificate when the old one expires and send it to the ADFS server.
Does anyone know if this is correct?