So I’ve come across this a couple of times and I’m sure it will begin to be more visible in the near future. A big shout-out to who posted this information -THANK YOU!
AD FS on Windows Server 2012 R2 (often referred to as “AD FS 3.0”) no longer has a dependency on IIS. One of the common methods used to generate a “Certificate Signing Request” (CSR) is to use IIS on the server you need the certificate on or by using another IIS server in the organization. Without access to IIS, your options for generating the CSR are to use the MMC snap-in, one of the native command line utilities or some third-party tools.
MJandAR.com 