Your network contains two servers named Server1 andServer2 that run Windows Server 2008 R2. Server1
has the Active Directory Federation Services (AD FS) Federation Service role service installed.
You plan to deploy AD FS 2.0 on Server2.
You need to export the token-signing certificate from Server1, and then import the certificate to Server2.
Which format should you use to export the certificate?

A.
Base-64 encoded X.509 (.cer)

B.
Cryptographic Message Syntax Standard PKCS #7 (.p7b)

C.
DER encoded binary X.509 (.cer)

D.
Personal Information Exchange PKCS #12 (.pfx)

Explanation:
Many thanks to ‘confused’ from Algeria and Luffy for noting this question needed a correction and for their help!
Practically the same question as K/Q32
Reference 1:
http://technet.microsoft.com/en-us/library/ff678038.aspx
Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0
If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a trusted certification
authority (CA) and you want to reuse it, you will have to export it from AD FS 1.x.
[The site provides also a link for instructions on how to export the token-signing certificate. That link point to the
site mentioned in reference 2.]
Reference 2:
http://technet.microsoft.com/en-us/library/cc784075.aspx
Export the private key portion of a token-signing certificate
To export the private key of a token-signing certificate
1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
2. Right-click Federation Service, and then click Properties.
3. On the General tab, click View.
4. In the Certificate dialog box, click the Details tab.
5. On the Details tab, click Copy to File.
6. On the Welcome to the Certificate Export Wizard page, click Next.
7. On the Export Private Key page, select Yes, export the private key, and then click Next.
8. On the Export File Format page, select Personal Information Exchange = PKCS #12 (.PFX), and then
click Next.
9. (…)