Your network contains two servers named Server1 and Server2 that run Windows Server
2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service
role service installed.
You plan to deploy AD FS 2.0 on Server2.
You need to export the token-signing certificate from Server1, and then import the certificate
to Server2.
Which format should you use to export the certificate?
A.
Base-64 encoded X.509 (.cer)
B.
Cryptographic Message Syntax Standard PKCS #7 (.p7b)
C.
DER encoded binary X.509 (.cer)
D.
Personal Information Exchange PKCS #12 (.pfx)
Explanation:
Reference 1)
http://technet.microsoft.com/en-us/library/ff678038.aspx
Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0
If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a
trusted certification authority (CA) and you want to reuse it, you will have to export it from AD
FS 1.x.
[The site provides also a link for instructions on how to export the token-signing certificate.
That link point to the site mentioned in reference 2.]
Reference 2)
http://technet.microsoft.com/en-us/library/cc784075.aspx
Export the private key portion of a token-signing certificate
To export the private key of a token-signing certificateClick Start, point to Administrative Tools, and then click Active Directory Federation
Services.
Right-click Federation Service, and then click Properties.
On the General tab, click View.
In the Certificate dialog box, click the Details tab.
On the Details tab, click Copy to File.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, select Yes, export the private key, and then click Next.
On the Export File Format page, select Personal Information Exchange = PKCS #12 (.PFX),
and then click Next.
(…)