15 April 2025

Could not use the certificate for signing - Connect to Exchange Online with a certificate

I was trying to connect to Exchange Online with a certificate from a PowerShell script, using this command:
Connect-ExchangeOnline -CertificateThumbPrint "abcdefghijjklmnopqrstuvwxyz" -AppID "2x1xxe5b-4x2e-3x4t-xxre-fxxxb34xxxxx66" -Organization "tenant.onmicrosoft.com"
and this happened:

[System.Management.Automation.RuntimeException] One or more errors occurred.
[Microsoft.Identity.Client.MsalClientException] Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a higher version of .NET desktop - 4.6.1 and above, or use a different certificate type (non-CNG) or sign your own assertion as described at aka.ms/msal-net-signed-assertion.
[System.Security.Cryptography.CryptographicException] Invalid provider type specified.

I still don't know why this happened, but I do know that this is the solution.
(If you're reading this and can explain why this happens, drop a comment.)

You're gonna need OpenSSL for this:

Re-export the certificate and its private key with OpenSSL so that, when the new .pfx is imported, Windows stores the key under a legacy CSP instead of a CNG key storage provider. The key itself is RSA either way; what changes is the provider holding it, which is what the "non-CNG" hint in the error message is about.

  • Using certlm.msc, export the current certificate together with its private key, or if the original .pfx file still exists use that.
  • Extract the certificate (and any chain certificates) without the private key:
openssl pkcs12 -in "oldcertificate.pfx" -nokeys -out "oldcertificateCNGformat.cer"
  • Extract the private key (OpenSSL asks for a pass phrase to protect the output file):
openssl pkcs12 -in "oldcertificate.pfx" -nocerts -out "oldcertificateCNGformat.pem"
  • Convert the key to a plain RSA key. This file holds the private key unencrypted, so keep it only for the next step and delete it afterwards:
openssl rsa -inform PEM -in "oldcertificateCNGformat.pem" -out "oldcertificateCNGformat.rsa"
  • Merge into a new pfx file:
openssl pkcs12 -export -in "oldcertificateCNGformat.cer" -inkey "oldcertificateCNGformat.rsa" -out "NEWcertificateRSAformat.pfx"
  • With OpenSSL 3, add -legacy to the export command if the Windows import wizard refuses the new file: older Windows versions cannot read the AES/PBKDF2-protected PKCS#12 files that OpenSSL 3 writes by default.

Import the newly created .pfx into certlm.msc and try connecting to Exchange Online Management PowerShell with the new certificate.
The thumbprint in your script stays the same: the certificate itself is unchanged, only the way its private key is stored has changed.
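The same procedure as a script, added here as an example and not code from the original post. It first reports which provider holds the certificate's private key (so you can see the CNG/CSP difference before and after), then runs the four OpenSSL steps with the intermediate key files in a throwaway directory, replaces the store entry and checks the result. It assumes Windows PowerShell 5.1 (the .NET Framework runtime that raises "Invalid provider type specified"), openssl.exe on PATH, the built-in PKI module for Import-PfxCertificate, and a certificate in the local machine "My" store; the function names, the thumbprint, file names and password are placeholders of mine. The -CSP option on the export step, also my addition, writes the legacy provider name into the .pfx so the importer uses it explicitly.

```powershell
# Added example, not code from the original post. Assumes Windows PowerShell 5.1,
# openssl.exe on PATH, the PKI module (Import-PfxCertificate) and a certificate in
# Cert:\LocalMachine\My. Thumbprint, paths and password are placeholders.

function Get-PrivateKeyProvider {
    # Reports whether the private key sits in a legacy CSP or a CNG key storage
    # provider. GetRSAPrivateKey() works for both; the old .PrivateKey property
    # is what throws "Invalid provider type specified" on a CNG key.
    param([Parameter(Mandatory)][string]$Thumbprint)
    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
    if (-not $cert.HasPrivateKey) { throw "No private key bound to $Thumbprint" }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        [pscustomobject]@{ Thumbprint = $Thumbprint; Type = 'CNG'; Provider = $rsa.Key.Provider.Provider }
    } else {
        [pscustomobject]@{ Thumbprint = $Thumbprint; Type = 'CSP'; Provider = $rsa.CspKeyContainerInfo.ProviderName }
    }
}

function Invoke-OpenSsl {
    # Runs one openssl command and stops instead of continuing with a half-built PFX.
    param([string[]]$Arguments)
    & openssl @Arguments
    if ($LASTEXITCODE -ne 0) { throw "openssl $($Arguments[0]) failed with exit code $LASTEXITCODE" }
}

function ConvertTo-CspPfx {
    # The four OpenSSL steps from the post. The unencrypted RSA key only ever
    # exists inside $work, which is removed whether or not the steps succeed.
    # -CSP names the legacy provider in the PFX so the Windows importer uses it.
    # With OpenSSL 3, add '-legacy' to the export step for older Windows versions.
    param(
        [Parameter(Mandatory)][string]$InPfx,
        [Parameter(Mandatory)][string]$OutPfx,
        [Parameter(Mandatory)][string]$Password
    )
    $work = Join-Path $env:TEMP ([guid]::NewGuid().ToString())
    New-Item -ItemType Directory -Path $work | Out-Null
    $cer = Join-Path $work 'chain.cer'
    $pem = Join-Path $work 'key.pem'
    $rsa = Join-Path $work 'key.rsa'
    try {
        Invoke-OpenSsl @('pkcs12', '-in', $InPfx, '-nokeys', '-passin', "pass:$Password", '-out', $cer)
        Invoke-OpenSsl @('pkcs12', '-in', $InPfx, '-nocerts', '-passin', "pass:$Password", '-passout', "pass:$Password", '-out', $pem)
        Invoke-OpenSsl @('rsa', '-in', $pem, '-passin', "pass:$Password", '-out', $rsa)
        Invoke-OpenSsl @('pkcs12', '-export', '-in', $cer, '-inkey', $rsa, '-passout', "pass:$Password",
                         '-CSP', 'Microsoft Enhanced RSA and AES Cryptographic Provider', '-out', $OutPfx)
    } finally {
        Remove-Item -Path $work -Recurse -Force -ErrorAction SilentlyContinue
    }
}

function Repair-ExoCertificateKey {
    # End to end: rebuild the PFX, replace the store entry (deleting the orphaned
    # CNG key with -DeleteKey) and confirm the key now sits in a CSP. The
    # thumbprint does not change because the certificate does not change.
    # The original PFX stays untouched as the fallback if the import fails.
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$InPfx,
        [Parameter(Mandatory)][string]$Password
    )
    $before = Get-PrivateKeyProvider -Thumbprint $Thumbprint
    if ($before.Type -eq 'CSP') { return $before }   # already usable, nothing to fix
    $newPfx = Join-Path $env:TEMP 'NEWcertificateRSAformat.pfx'
    ConvertTo-CspPfx -InPfx $InPfx -OutPfx $newPfx -Password $Password
    Remove-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -DeleteKey
    $secure = ConvertTo-SecureString -String $Password -AsPlainText -Force
    Import-PfxCertificate -FilePath $newPfx -CertStoreLocation 'Cert:\LocalMachine\My' -Password $secure | Out-Null
    Remove-Item -Path $newPfx -Force
    Get-PrivateKeyProvider -Thumbprint $Thumbprint
}

# Usage with placeholder values; the returned object should now report Type = CSP.
# Repair-ExoCertificateKey -Thumbprint 'ABCDEF0123456789ABCDEF0123456789ABCDEF01' -InPfx 'C:\certs\oldcertificate.pfx' -Password 'pfx-password'
# Connect-ExchangeOnline -CertificateThumbPrint 'ABCDEF0123456789ABCDEF0123456789ABCDEF01' -AppID '<app id>' -Organization 'tenant.onmicrosoft.com'
```

Run it from an elevated Windows PowerShell 5.1 prompt, since writing to the local machine store needs admin rights. The password is passed to openssl as pass:... for brevity, which makes it visible in the process command line on that machine; for a real run, drop the -passin/-passout arguments and let openssl prompt, as in the steps above.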