Import a Cryptographic New Generation (CNG) certificate as a Legacy cert to use with ADFS

The current version of ADFS (Active Directory Federation Services for Windows Server 2012 R2) unfortunately does not support Cryptographic New Generation (CNG) Certificates.
Though if you already have a CNG cert, and does not want to re-request a legacy cert from your provider, it’s possible to import a CNG as a  Legacy cert by using this command.

And ADFS will then be able to use that certificate.

A Huge thanks to my colleague and security expert Hasain Alshakarti (Twitter: @Alshakarti  Blog: for providing me with the solution.

Leave a Reply