Ok so this is a weird one for me, for a while I have had a few clients using CAcert.org CA certs with no issue, This particular server has been running one for the past year or so and it has just expired. When renewing the cert in the "set up your domain name" in the Anywhere access setup on Windows server 2012 r2 like I have done so many other times on other servers I get the message "You can import only trusted SSL Certificates. Get a trusted SSL certificate, and then import the trusted certificate" after pasting the text from the cert into the import the trusted certificate tab in the wizard. Have also tried pasting to a text file and renaming to .cer but get the same issue.
Strange thing is I did the exact process on another customers machine about a week ago that is an identical machine and it went without a hitch.
I have installed the CAcert.org root certificate also (but have not actually rebooted the server since).
Doh, as I was typing this it hit me, I might have installed the client package instead of the cert for the local server, went through the process documented in this video - https://www.youtube.com/watch?v=aXBiV3pQrLg
up to about the 6 min mark of importing server cert and we are all good to go. this is puzzling as I had already imported this cert a while back on setup, but anyway solved the issue which is the main thing!