Error: "The certificate is invalid for Exchange Server usage" using Microsoft Exchange 2010 server

Solution ID:    SO17159    Updated:    04/22/2016


The certificate is invalid for Exchange Server usage.


This error may occur on Microsoft Exchange 2010 server, if the following conditions are true:

     • Missing GeoTrust Intermediate CA


To resolve this issue with Microsoft Exchange 2010 server, perform the following steps:

Step 1: Obtain the GeoTrust Intermediate CA

  1. Download the GeoTrust CA certificate.

Step 2: Adding the Certificates Snap-in to the Microsoft Management Console (MMC):

  1. From the Web server, click Start
  2. In the Search programs and files field, type mmc
  3. From the Programs list, click mmc.exe
  4. At the permission prompt, click Yes
  5. From the Microsoft Management Console (MMC), click  File > Add/Remove Snap-in
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer Account
  9. Click Next
  10. Select Local Computer (the computer this console is running on)
  11. Click Finish
  12. In the Add/Remove Snap-in window, click OK
  13. Save these console settings for future use

Step 3: Install the GeoTrust Intermediate CA

  1. Using the same Console, double-click on Intermediate Certification Authorities from the right pane
  2. Right-click on Certificates from the right pane and select All Tasks > Import to open the Certificate Import Wizard
  3. Click Next
  4. Specify the location of the GeoTrust intermediate file obtained from Step 1 by clicking Browse
  5. Click Next
  6. By default, it will place the certificate in the Intermediate Certification Authorities store. Keep this selection and click on the Next button.
  7. Click Finish
  8. A message will appear confirming the successful import of the certificate. Click OK.

Step 4: Assign SSL certificate to Exchange Server 2010 Services

  1. Launch the Exchange Management Console
  2. Navigate to Server Management, and select the server that has the certificate installed
  3. Right click the SSL certificate you wish to assign and choose Assign Services to Certificate
  4. Click Next to continue the wizard
  5. Choose the services you wish to assign to the certificate (e.g., Internet Message Access Protocol, Post Office Protocol, Simple Mail Transfer Protocol, Internet Information Services and Unified Messaging) and click Next
  6. Click Assign to execute the change
  7. When task has completed successfully, click Finish to close the wizard



Geotrust has made efforts to ensure the accuracy and completeness of the information in this document. However, Geotrust makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Geotrust assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.

Further, Geotrust assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.

Contact Support

Find Answers

Search Tips