Import just the certificates from ADFS 2.0 to ADFS 3.0

  • Question

  • I ran the export-federationconfiguration.ps1 script from the ADFS directory on the Server2012R2 ISO, and supplied a password so that it would export the private keys.

    So I've taken my cert.xml file that was created by the export script, and I want to import just the certificates, not the whole ADFS configuration, onto a new ADFS 3.0 server.  This would seem pretty straightforward, and I'm borrowing code from the import-federationconfiguration.ps1 script, but I'm running into a problem.

    Here's what I have so far:

    # Password used when the export script wrote the private keys
    $certificatePassword = ConvertTo-SecureString -String "mypassword" -AsPlainText -Force

    # Deserialize the CliXML produced by export-federationconfiguration.ps1
    $certificates = import-CliXML -Path .\Configuration\cert.xml

    # Token-signing certificate entry from the export
    $signingCert = $certificates.SigningToken.SigningToken

    # EncryptedPfx is stored as a base64 string; decode it to raw bytes
    $cert = [System.Convert]::FromBase64String($signingCert.EncryptedPfx)

    # Load the decoded PFX into an X509Certificate2 using the machine key store
    $newCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $newCert.Import($cert, $certificatePassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet)

    However, at this point, it blows up with:

    Exception calling "Import" with "3" argument(s): "Cannot find the requested object.
    "
    At line:1 char:1
    + $newCert.Import($cert, $certificatePassword, [System.Security.Cryptography.X509C ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : CryptographicException

    Anyone know what I'm doing wrong, or has anyone found a better way to do this?

    Saturday, May 20, 2017 7:35 PM
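The following is an added example, not code from the post above or from the ADFS export/import scripts. It assumes (as the post's own code does) that an exported certificate is a base64-encoded, password-protected PKCS#12 blob; rather than depending on a real cert.xml, it generates a throwaway self-signed certificate, exports it to PFX with the same password handling, and then imports the base64 string back through a hypothetical helper, Import-Base64Pfx, that checks the blob is DER-encoded before calling the X509Certificate2 constructor, asks for PersistKeySet so the private key survives the import, and verifies HasPrivateKey before adding the certificate to a store. The New-SelfSignedCertificate parameters used here are those of Windows 10 / Server 2016 and later.

```powershell
# Added example; not from the original post. Requires Windows PowerShell 5.x.
# Run elevated if you change -StoreLocation to LocalMachine.

$password = ConvertTo-SecureString -String 'mypassword' -AsPlainText -Force

# Constructed test input: a throwaway self-signed certificate stands in for the
# ADFS token-signing certificate so the example runs without a real cert.xml.
$source = New-SelfSignedCertificate -DnsName 'pfx-roundtrip-test' `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeyExportPolicy Exportable
$pfxBytes = $source.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $password)
$encryptedPfx = [System.Convert]::ToBase64String($pfxBytes)   # same shape assumed for EncryptedPfx
Remove-Item -Path ("Cert:\CurrentUser\My\" + $source.Thumbprint)  # drop the throwaway entry

function Import-Base64Pfx {
    # Hypothetical helper: decode a base64 PKCS#12 blob, load it with its private key,
    # and persist it into the chosen certificate store.
    param(
        [Parameter(Mandatory)][string]$Base64Pfx,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$StoreName = 'My',
        [System.Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation = 'LocalMachine'
    )

    $bytes = [System.Convert]::FromBase64String($Base64Pfx)

    # A PKCS#12 file is a DER SEQUENCE, so the first byte must be 0x30. PEM text,
    # a bare .cer, or doubly base64-encoded data fails this check and would otherwise
    # surface only as a CryptographicException from the constructor.
    if ($bytes.Length -lt 2 -or $bytes[0] -ne 0x30) {
        $first = if ($bytes.Length -gt 0) { $bytes[0] } else { -1 }
        throw ("Decoded blob is not DER-encoded PKCS#12 (length {0}, first byte {1})" -f $bytes.Length, $first)
    }

    # PersistKeySet writes the private key to the key container; without it the key
    # is discarded when the X509Certificate2 object is collected. MachineKeySet only
    # matters for the LocalMachine store.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor
             [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    if ($StoreLocation -eq [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine) {
        $flags = $flags -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet
    }

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($bytes, $Password, $flags)

    # A token-signing certificate is useless to ADFS without its private key, so fail loudly.
    if (-not $cert.HasPrivateKey) {
        throw "PFX imported but carries no private key; re-run the export with a password so keys are included"
    }

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }
    return $cert
}

# Round-trip: CurrentUser so the demo needs no elevation; use LocalMachine for a real ADFS host.
$imported = Import-Base64Pfx -Base64Pfx $encryptedPfx -Password $password -StoreLocation CurrentUser
"Imported {0} (thumbprint {1}); private key present: {2}" -f `
    $imported.Subject, $imported.Thumbprint, $imported.HasPrivateKey
```

The helper deliberately constructs the X509Certificate2 from the byte array in one step instead of calling Import on an empty object, and it adds the result to a store, which the posted code never does; loading a PFX into an in-memory object with MachineKeySet alone leaves nothing behind for ADFS to reference once the script exits.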