Import a Cryptographic New Generation (CNG) certificate as a Legacy cert to use with ADFS – A Geeks World

The current version of ADFS (Active Directory Federation Services for Windows Server 2012 R2) unfortunately does not support Cryptographic New Generation (CNG) certificates.
However, if you already have a CNG certificate and do not want to re-request a legacy certificate from your provider, it is possible to import the CNG certificate as a legacy certificate by using this command.

And ADFS will then be able to use that certificate.

A huge thanks to my colleague and security expert Hasain Alshakarti (Twitter: @Alshakarti, Blog: http://secadmins.com/) for providing me with the solution.

3 thoughts on “Import a Cryptographic New Generation (CNG) certificate as a Legacy cert to use with ADFS”

  1. Sorry guys, I don't have a cert to try with right now. It's possible they have done some change so the above is not working anymore.

  2. Same for me:

    CertUtil: -importPFX command FAILED: 0x80090029 (-2146893783 NTE_NOT_SUPPORTED)
    CertUtil: The requested operation is not supported.

  3. facing error message

    CertUtil: -importPFX command FAILED: 0x80090029 (-2146893783)
    CertUtil: The requested operation is not supported.
