Your network contains three servers named ADFS1, ADFS2, and ADFS3 that run Windows Server 2008 R2.
ADFS1 has the Active Directory Federation Services (AD FS) Federation Service role service installed.
You plan to deploy AD FS 2.0 on ADFS2 and ADFS3.
You need to export the token-signing certificate from ADFS1, and then import the certificate to ADFS2 and
ADFS3.

A.
Personal Information Exchange PKCS #12 (.pfx)

B.
DER encoded binary X.509 (.cer)

C.
Cryptographic Message Syntax Standard PKCS #7 (.p7b)

D.
Base-64 encoded X.S09 (.cer)

Explanation:
Many thanks to ‘confused’ from Algeria and Luffy for noting this question needed a correction and for their help!
Practically the same question as E/Q12.
Reference 1:
http://technet.microsoft.com/en-us/library/ff678038.aspx
Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0
If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a trusted certification
authority (CA) and you want to reuse it, you will have to export it from AD FS 1.x.
[The site provides also a link for instructions on how to export the token-signing certificate. That link point to the
site mentioned in reference 2.]
Reference 2:
http://technet.microsoft.com/en-us/library/cc784075.aspx
Export the private key portion of a token-signing certificate
To export the private key of a token-signing certificate
1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
2. Right-click Federation Service, and then click Properties.
3. On the General tab, click View.
4. In the Certificate dialog box, click the Details tab.
5. On the Details tab, click Copy to File.
6. On the Welcome to the Certificate Export Wizard page, click Next.
7. On the Export Private Key page, select Yes, export the private key, and then click Next.
8. On the Export File Format page, select Personal Information Exchange = PKCS #12 (.PFX), and then
click Next.
9. (…)