I have Exchange 2013 server on Premise. I needed to update the self signed Exchange certificate. I did so by going through the Exchange Admin Center servers\Certificates. I then selected the "Microsoft Exchange" in the list and then "Renew". It updated with no apparent problems. When I go to the webmail url to open up a mailbox on this server I get a message "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store."
I can go to PS and enter Get-ExchangeCertificate on the server and I see the correct, newly updated, certificate.
I can go to MMC, certificate and do not see the newly update Exchange Server Certificate, I do, however see the old one in the Trusted Root Certification Authorities\Certificates folder.
I believe if I can get the newly renewed certificate to into the Trusted Root Certification Authorities certificates folder. I am sure how to get this done.
If anyone has any ideas how to correct the error I am getting, I would appreciate any/all input.
Self-Signed certificates are not trusted certs, you need a third party SAN certificate for it to trust.
However you can follow below:
Install the certificate
On Microsoft Windows
If you are getting the error in browser for trust then follow below:
Right-click the “Internet Explorer” icon, then choose “Run as administrator“ or just the application in “Internet Explorer”.
Visit the website, and choose the option to “Continue to this website (not recommended).”.
Click where it says “Certificate error” in the address bar, then choose “View certificates“.
Select “Install Certificate…“.
Select “Next“. Select the “Place all certificates in the following store” option. Select “Browse…“.
Choose “Trusted Root Certification Authorities“, then select “OK“.
Select “Yes” when prompted with the security warning.
Select “OK” on the “The import was successful” message Select “OK” on the “Certificate” box.
Rerun the Applications.