I had some really strange behaviour when playing with certificates within my Exchange 2010 / Office 365 lab earlier on today. I wanted to add another SAN entry on to the certificate I already had from GoDaddy, so that I could get my ADFS 2.0 farm up and working prior to publishing through TMG.After jumping through the usual hoops with the CA, I downloaded the certificate and went to complete the pending request on the Exchange console. After completing the pending request I was left with a non-complete certificate request:-

To resolve:-
1) Remove all stale certificates from the certificates snap-in in MMC
2) Install the new certificate from your CA (with the nice shiny new SAN entry) via MMC into the Personal store
3) Open up the certificate and go into the Details pane:-

4) Copy the thumbprint details to your clipboard5) Open up an elevated command prompt and insert the following command:-
Certutil -repairstore My INSERT COPIED THUMBPRINT
You should see output similar to the following:-

After a quick refresh in the EMC console, you should now see your usable certificate once more! PS – Once assigned to the correct services, don’t forget to restart IIS! Neil