To fix the error (see below) with a certificate you need to recode pfx with SFB accepted CSP "Microsoft RSA SChannel Cryptographic Provider" , as explained here:
openssl pkcs12 -in idp.pfx -out idp.pem
openssl pkcs12 -export -in idp.pem -out new-idp.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
Log Name: Lync Server
Source: LS Protocol Stack
Date: 1/25/2022 9:35:40 AM
Event ID: 14397
Task Category: (1001)
A configured certificate could not be loaded from store. The serial number is attached for reference.
Extended Error Code: 0xC3FC7D95(LC_E_VALIDATION_CERT_NO_KEYEXCHANGE).