Avatar of John Water
John Water
Flag for United States of America asked on

Getting errors opening on Premise Exchange mailboxes after updating MS Exchagne selfsigned certificate.

I have Exchange 2013 server on Premise. I needed to update the self signed Exchange certificate. I did so by going through the Exchange Admin Center servers\Certificates. I then selected the "Microsoft Exchange" in the list  and then "Renew". It updated with no apparent problems. When I go to the webmail url to open up a mailbox on this server I get a message "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store."

I can go to PS and enter Get-ExchangeCertificate on the server and I see the correct, newly updated, certificate.
I can go to MMC, certificate and do not see the newly update Exchange Server Certificate, I do, however see the old one in the Trusted Root Certification Authorities\Certificates folder.

I believe if I can get the newly renewed certificate to into the Trusted Root Certification Authorities certificates folder. I am sure how to get this done.

If anyone has any ideas how to correct the error I am getting, I would appreciate any/all input.

Avatar of undefined
Last Comment
John Water

8/22/2022 - Mon
Saif Shaikh

Self-Signed certificates are not trusted certs, you need a third party SAN certificate for it to trust.

However you can follow below: 

Install the certificate

On Microsoft Windows

  1. Open Microsoft Management Console (Start --> Run --> mmc.exe);
  2. Choose File --> Add/Remove Snap-in;
  3. In the Standalone tab, choose Add;
  4. Choose the Certificates snap-in, and click Add;
  5. In the wizard, choose the Computer Account, and then choose Local Computer. Press Finish to end the wizard;
  6. Close the Add/Remove Snap-in dialog;
  7. Navigate to Certificates (Local Computer)
  8. Choose a store to import:
    1. If you have the Root CA certificate for the company that issued the certificate, choose Trusted Root Certification Authorities;
    2. If you have the certificate for the server itself, choose Other People
  9. Right-click the store and choose All Tasks --> Import
  10. Follow the wizard and provide the certificate file you have;

If you are getting the error in browser for trust then follow below: 

Right-click the “Internet Explorer” icon, then choose “Run as administrator“ or just the application in “Internet Explorer”.

Visit the website, and choose the option to “Continue to this website (not recommended).”.

Click where it says “Certificate error” in the address bar, then choose “View certificates“.

Select “Install Certificate…“.

Select “Next“. Select the “Place all certificates in the following store” option. Select “Browse…“.

Choose “Trusted Root Certification Authorities“, then select “OK“.

Select “Yes” when prompted with the security warning.

Select “OK” on the “The import was successful” message Select “OK” on the “Certificate” box.

Rerun the Applications.

John Water

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Your help has saved me hundreds of hours of internet surfing.