A certificate installed on an Exchange Server 2010 server may display the following error message.
The certificate is invalid for exchange server usage
This can occur when the certificate cannot be verified to a trusted certificate authority. This may occur when the certificate has been issued by a private certificate authority.
To correct the problem you must install the root certificate for the certificate authority. For a private certificate authority this can be obtained from the web enrollment page (eg http://ca-server/certsrv).
Browse to the web page and click on Download a CA Certificate, Certificate Chain, or CRL.
Click to download either the CA Certificate (if the certificate was issued by a root CA) or the Certificate Chain (if the certificate was issued by an intermediary CA).
Launch a new Microsoft Management Console (Start -> Run, mmc.exe) and add the Certificates snap-in to it, connecting to the Computer Account for the Local Computer.
Navigate to Trusted Root Certification Authorities. Right-click on Certificates and choose All Tasks and then Import.
Browse and choose the CA Certificate or Certificate Chain that you downloaded earlier.
Place the certificate in the Trusted Root Certification Authorities store.
Complete the import wizard and then refresh the Exchange Management Console, and the certificate should now be valid.