If an X.509 certificate has been exported as a PFX blob using Windows's capability to protect the private key to a SID, that certificate may now fail to import. This will impact PFX blobs created in the following manners: Via Windows's Certificate Export Wizard and specifying in the wizard that the private key should be protected to a domain user; or Via PowerShell's Export-PfxCertificate ...