Client browser must re-enroll for new certificate after web.config migration
Symptom
Upon completing a migration of a web.config file from one server to another (which includes: moving decrypted web.configs, customfiles–if any, and exporting necessary certificates to the new server), the existing certificate (which was delivered from the previous server) is not detected on the client's browser and the client asked to enroll for a new certificate.
Cause
The appliance's certificate information is contained in "MFC.SecureAuth.License.dll". Upon the validation of the cert, the appliance checks "MFC.SecureAuth.License.dll" for necessary information in order validate certificates in the client's cert store. Although you may have imported the correct certificate, this step is still necessary in order to prevent the users from having to re-enroll for another certificate.
Resolution
Migrate "MFC.License.DLL" to the new server.