Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1
is configured as an Active Directory Federation Services (AD FS) 2.0 standalone server.
You plan to add a new token-signing certificate to Server1.
You import the certificate to the server as shown in the exhibit. (Click the Exhibit button.)
When you run the Add Token-Signing Certificate wizard, you discover that the new
certificate is unavailable.
You need to ensure that you can use the new certificate for AD FS.
What should you do?
A.
From the properties of the certificate, modify the Certificate Policy OIDs setting.
B.
Import the certificate to the AD FS 2.0 Windows Service personal certificate store.
C.
From the properties of the certificate, modify the Certificate purposes setting.
D.
Import the certificate to the local computer personal certificate store.
Explanation:
http://technet.microsoft.com/en-us/library/hh341466.aspx
When you deploy the first federation server in a new AD FS 2.0 installation, you must obtain
a token-signing certificate and install it in the local computer personal certificate store on that
federation server.