I am trying to create an encrypted folder on our server that will be accessible to only a few users. When I tried to encrypt it, I got the "EFS recovery policy contains invalid recovery certificate" error, so I started to follow the instructions how to export then import the EFS private certificate. Now I am getting an error that says "Windows cannot determine if this certificate has been revoked......" error. If I go ahead and install this certificate anyway, the Recovery agents gets labeled UNKNOWN_USER.
The server I am trying to install the recovery agent is not the domain controller, so I exported the EFS certificate from the domain controller, then moved it to this file server. I am not sure if this is the correct method. Also, the certificate I exported had the expiration date that is in the past, so I am very confused.