I usually have a practice when deploying Lync Access Edge, which is to use the internal CA server to issue the external interface certificates. After confirming that all of the configurations and settings are in place, only then do I proceed to generate the actual certificate from SSL providers.

In a recent deployment, I did the same thing but somehow forgot to clean up the internal CA certificates on the external interface, which were for testing. So after generating the offline CSR and issuing it over to GoDaddy, the certificate was generated successfully and I got it downloaded in no time. However, when importing the .CRT certificate into the certificate store, I realized that the certificate status was:

Certificate has expired or is not yet valid

So when attempting to assign the certificate to the Access Edge external interface, the setup wizard didn’t offer the option to select my newly generated certificate. I then realized that another similar certificate existed in the same store (generated by the internal CA); removing these unused certificates solved the problem.

Conclusion: always make sure that there are no duplicate certificates in your certificate store.
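
One way to run this check before assigning a certificate, as an added example that is not part of the original post: the PowerShell below lists certificates in a store that share a subject, with issuer and validity dates so an internal CA copy can be told apart from the public one. The helper name `Find-DuplicateCertificate`, the default store `Cert:\LocalMachine\My`, and the use of Subject as the match key are assumptions.

```powershell
# Added example, not from the original post. Find-DuplicateCertificate is a
# hypothetical helper name; treating "same Subject" as a duplicate is an assumption.
function Find-DuplicateCertificate {
    param(
        # Assumed default: the local machine Personal store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $now = Get-Date

    Get-ChildItem -Path $StorePath |
        Group-Object -Property Subject |
        Where-Object { $_.Count -gt 1 } |      # keep only subjects that appear more than once
        ForEach-Object {
            foreach ($cert in $_.Group) {
                # Classify each copy against the current clock.
                $validity = if ($now -lt $cert.NotBefore) {
                    'NotYetValid'
                } elseif ($now -gt $cert.NotAfter) {
                    'Expired'
                } else {
                    'Valid'
                }

                [pscustomobject]@{
                    Subject       = $cert.Subject
                    Issuer        = $cert.Issuer        # internal CA vs. public provider
                    Thumbprint    = $cert.Thumbprint    # identifies the exact copy to remove
                    NotBefore     = $cert.NotBefore
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey # a copy without a key cannot be assigned
                    Validity      = $validity
                }
            }
        }
}

# Read-only listing; nothing is removed from the store.
Find-DuplicateCertificate |
    Sort-Object Subject, NotBefore |
    Format-Table -AutoSize
```

An empty result means no subject appears more than once in that store; any rows returned show which issuer and thumbprint belong to each copy before anything is removed.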