I ran the export-federationconfiguration.ps1 script from the ADFS directory on the Server2012R2 ISO, and supplied a password so that it would export the private keys.
So I've taken my cert.xml file that was created by the export script, and I want to import just the certificates, not the whole ADFS configuration, onto a new ADFS 3.0 server. This would seem pretty straightforward, and I'm borrowing code from the import-federationconfiguration.ps1 script, but I'm running into a problem.
Here's what I have so far:
$certificatePassword = ConvertTo-SecureString -String "mypassword" -AsPlainText -Force
$certificates = import-CliXML -Path .\Configuration\cert.xml
$signingCert = $certificates.SigningToken.SigningToken
$cert = [System.Convert]::FromBase64String($signingCert.EncryptedPfx)
$newCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$newCert.Import($cert, $certificatePassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet)
However, at this point, it blows up with:
Exception calling "Import" with "3" argument(s): "Cannot find the requested object."
At line:1 char:1
+ $newCert.Import($cert, $certificatePassword, [System.Security.Cryptography.X509C ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CryptographicException
Anyone know what I'm doing wrong, or has anyone found a better way to do this?
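A diagnostic version of the same import, added here as an example (not the poster's code and not part of the ADFS scripts): it decodes the SigningToken blob the way the snippet above does, checks that the bytes are at least shaped like a plain PFX before calling Import, and unwraps the underlying CryptographicException so the real message is visible. It assumes cert.xml has the layout the snippet reads ($certificates.SigningToken.SigningToken.EncryptedPfx) and prompts for the password instead of keeping it in the script in plain text.

```powershell
# Added example, not the poster's code. Assumes cert.xml has the shape the poster's
# snippet reads: $certificates.SigningToken.SigningToken.EncryptedPfx (base64 string).
function Test-PfxBlob {
    param(
        [Parameter(Mandatory)][string]$Base64Pfx,
        [Parameter(Mandatory)][System.Security.SecureString]$Password
    )
    $bytes = [System.Convert]::FromBase64String($Base64Pfx)
    # A PKCS#12 (PFX) file is a DER SEQUENCE, so a plain PFX always starts with 0x30.
    $isDerSequence = ($bytes.Length -gt 4 -and $bytes[0] -eq 0x30)
    $report = [ordered]@{
        Bytes         = $bytes.Length
        DerSequence   = $isDerSequence
        Imported      = $false
        Subject       = $null
        HasPrivateKey = $false
        Error         = $null
    }
    if (-not $isDerSequence) {
        $report.Error = 'Decoded blob does not start with a DER SEQUENCE, so it is not a plain PFX.'
        return [pscustomobject]$report
    }
    try {
        # Same overload and key storage flag the poster used.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
        $cert.Import($bytes, $Password,
            [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet)
        $report.Imported      = $true
        $report.Subject       = $cert.Subject
        $report.HasPrivateKey = $cert.HasPrivateKey
    } catch {
        # PowerShell wraps the .NET error in a MethodInvocationException; report the inner one.
        $inner = $_.Exception.InnerException
        $report.Error = if ($inner) { $inner.Message } else { $_.Exception.Message }
    }
    return [pscustomobject]$report
}

# Prompt for the PFX password rather than leaving it in the script as plain text.
$pfxPassword  = Read-Host -Prompt 'PFX password' -AsSecureString
$certificates = Import-Clixml -Path .\Configuration\cert.xml
$signingToken = $certificates.SigningToken.SigningToken

if (-not $signingToken -or -not $signingToken.EncryptedPfx) {
    Write-Warning 'No EncryptedPfx found under SigningToken in cert.xml'
} else {
    Test-PfxBlob -Base64Pfx $signingToken.EncryptedPfx -Password $pfxPassword | Format-List
}
```

If DerSequence comes back False, the blob is not something X509Certificate2.Import can read directly, which narrows the problem to the export format rather than the password or storage flags.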