This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Cerification Authorities Store. How do i do this?

This is the error that I am getting in IIS on an Exchange 2007 Standard  Edition 64 bit Server.
This CA Root Certificate is not trusted.  To enable trust, install this certificate in the Trusted Root Cerification Authorities Store.  How do i do this?
Who is Participating?
If this is a purchased cert, you will need to go back to where you purchased it and purchase another one.  You should be able to find who issued the cert by opening it and seeing where it says issued by:
Then you will need to generate a new request and then they can send you a new cert.  This website is really good for assisting in requesting a new cert:  It has all the tools you need to generate a cert request and tells you how to apply it to exchange 2007.

My previous post was assuming that you had your own Enterprise CA.  - Purchased certs are much better for the end user.
Andres PeralesCommented:
you should be able to right click on the root certificate and select install, that should install the root cert!
usts-pwAuthor Commented:
I am really lame here.  Where do i find my root certificate?
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

You can view the certificate, then install it, but this error may be due to exchange / iis using a self-signed certificate.

You would be best to either purchase a certificate (if you are planning to publish the exchange externally for Activesync or OWA), or generate a certificate using a Domain Root CA (a Certificate Services Server).
go to https://servername/certsrv  and download the certificate from there.  Then just double click on it and it should install.
usts-pwAuthor Commented:
I have a cert that has been purchased.  It is about to expire and I am simply trying to properly renew it.  Expiration date is 5-2-9.  I also have 2 other certs in the Personal folder.  When viewed they have red x's through them that says "This CA Root certificate is not trusted.  To enable trust, install this cerificate in the Trusted root Cerification Athorities Store".  
When I right click on the purchased cert (which is also in the Personal-Cerificates folder) I have 4 choices
Request Cert with New Key
Request Cert with Same Key
Renew Cert with New Key
Renew Cert with Same Key
If I select Renew *, I get an error saying, "This certificate cannot be renewed because it does not contain enough information to generate a renewal request.  Please request a new certificate"
If I select Request * , I get an error saying " The wizard cannot be started because of one or more of the following conditions:
There are no trusted certificatoin authourities (CAs) available
You don not have the permissions to request cerificates from the available CAs
The available CAs issue certicates for which you do not have permissions

usts-pwAuthor Commented:
I tried that and it didn't work.  It looked like it was going to.

I know in the command to substitute my servername but the second word /certsrv was correct right?
usts-pwAuthor Commented:

Thanks for the responce.   I saw where I can do that from the location of the certs in the file system.   These are the old ones though that are the ones that need replacing or renewing so I am at a bit of a loss.  Any other suggestions?

ParanormasticCryptographic EngineerCommented:
Contacting the cert vendor is probably easiest, but you can locate the correct CA certificates this way:
- double click to open up the certificate the you received from the vendor in your email
- details tab
- look through the list of attributes for "Authority Information Access" (AIA) and click to highlight it
- the bottom part of the window will show one  or more locations to access the CA certificate that issued your SSL cert - click that and open it.
- details tab of the ca cert
- copy to file button
- follow the wizard to save to file

repeat this process until you get to the root certificate - this will not have an AIA listed.  You can also confirm that it is the root by validating that the Subject and Issuer attributes have the same things listed.  Copy this to file as well.

Since this is the web server, it is best to install all CA certificates, however only the root cert needs to be assigned to the trusted root certification authorities store - often this will end up there if you let windows decide, but if you have problems choose to select the store and browse, check the box for 'show physical stores' and then select the trusted root CA store.
ParanormasticCryptographic EngineerCommented:
Also note - you might question where you got the cert from if you don't trust the root for it yourself.  If you don't already trust it - would you expect your customers to trust it (and thus trust your site with their money)?

If it is from godaddy, you may need to update your server to the latest service pack and that will have their root included.  Alternatively, you can do windows update and look for the optional/recommended installs and look for the root certificate update.  Since this is not critical or high severity, it doesn't always get installed by a lot of people, however most home users would have already applied the service pack by now, and root certs are updated automaticallly from microsoft upon first access in Vista/2008 and newer.
usts-pwAuthor Commented:
Thanks for the imput.  I ended up calling Microsoft and opening a call and they sifted through the reckage.  Thanks!  Paul
We are using Load Balancer named Radware(App Director) in our organisation. Today our application certificate was expired. so we have changed the new certificate,After changed new certificate our clients are not able to connect application. They are not able to connect application. They are getting the below error. " This CA Root Certificate is not trusted.  To enable trust, install this certificate in the Trusted Root Cerification Authorities Store.  How do i do this?"
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.