I am setting up certificates in a really simple on-prem environment with 2 servers: the 1st is multirole (no mailboxes, just for simple relay and O365 management), the 2nd is the edge role.
Everything works when I generate a certificate directly in Exchange; however, when trying to use the certificate from the local CA, emails are stuck in the queue on the multirole server. The root certificate is added to the trusted root store on the edge server. I do not really have any more ideas on what can be done. What I've done was:
Generated a new subscription file on the edge
Enabled the local CA certificate on the multirole server for all the services (IIS, SMTP, POP, IMAP)
Imported/built a new subscription on the multirole server based on the subscription file
Started the synchronization
Rebooted the servers
Synchronization seems to be ok - got a success state; however, messages sit in the queue on the multirole server with no willingness to go to the edge server. Any ideas which step I am missing?
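A diagnostic script, added here and not part of the original post, that surfaces the error the stuck queue is actually reporting and checks the certificate and connector state on both servers. It assumes the Exchange Management Shell on each server and the placeholder server names MR01 (multirole) and EDGE01 (edge), which are not from the post.

```powershell
# Added diagnostic script (not from the original post). Assumed server names:
# MR01 = multirole (Mailbox) server, EDGE01 = Edge Transport server.
# Run the first part on MR01, the second part on EDGE01, in the Exchange Management Shell.

# --- On the multirole server (MR01) ---
# 1. Why are messages stuck? LastError names the real cause (TLS/certificate failure
#    looks very different from a DNS or socket error) before changing anything else.
Get-Queue -Server MR01 | Where-Object { $_.MessageCount -gt 0 } |
    Format-List Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError

# 2. Is EdgeSync really healthy for this Edge server, including a full compare?
Test-EdgeSynchronization -FullCompareMode | Format-List

# 3. Which certificate on MR01 is bound to SMTP, and does its chain validate here?
#    Status must be Valid; Invalid or RevocationCheckFailure means this server
#    does not trust the issuing CA chain (or cannot reach the CRL).
Get-ExchangeCertificate -Server MR01 | Where-Object { $_.Services -match 'SMTP' } |
    Format-List Thumbprint, Subject, CertificateDomains, NotAfter, HasPrivateKey, Status

# 4. The send connectors that the Edge subscription created: these carry mail to EDGE01.
Get-SendConnector | Where-Object { $_.Name -like 'EdgeSync*' } |
    Format-List Name, Enabled, SmartHosts, AddressSpaces, RequireTLS, TlsAuthLevel

# 5. The subscription as seen in Active Directory.
Get-EdgeSubscription | Format-List

# --- On the Edge Transport server (EDGE01) ---
# 6. Same certificate check on the Edge: the CA-issued cert must be Valid, have its
#    private key, and carry the FQDN that MR01 connects to (see SmartHosts above).
Get-ExchangeCertificate | Where-Object { $_.Services -match 'SMTP' } |
    Format-List Thumbprint, Subject, CertificateDomains, NotAfter, HasPrivateKey, Status

# 7. The receive connector MR01 talks to: its Fqdn must match a name on that certificate,
#    and TlsCertificateName (if set) must point at the certificate you intend to use.
Get-ReceiveConnector |
    Format-List Name, Enabled, Bindings, Fqdn, AuthMechanism, TlsCertificateName
```

Compare the LastError text from step 1 with the certificate Status and CertificateDomains from steps 3 and 6: a mismatch between the Edge FQDN the send connector uses and the names on the Edge certificate, or a chain the multirole server cannot validate, are the two things these checks are designed to expose.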