Setting up a hybrid environment for Exchange can sometimes be a tricky process, especially when dealing with certificates. Recently, I encountered a problem during the Exchange Hybrid Configuration Wizard setup where the certificate from a public certificate authority (CA) was not available for selection. Here’s a detailed account of how I diagnosed and resolved the issue.
While running the Hybrid Configuration Wizard, I noticed that the online certificate I needed wasn’t available for selection, despite having signed certificates displayed. A quick search suggested that the commercial certificate might be incorrectly installed.
This led me to check the certificate using PowerShell and specifically focus on the RootCAType property.
The RootCAType property is crucial in identifying the kind of CA that issued the certificate:
- ThirdParty: Indicates a commercial, public root CA.
- Registry: An internal, private PKI root CA manually installed.
- None: No CA information.
