When you go through the Exchange 2010 Manage Hybrid Configuration wizard, the certificate list at the Mail Flow Security step is empty. When you click View Certificate you get the error “No valid certificate exist for the Hub Transport server(s)”.
When you look at Server Configuration in the Exchange Management Console, your certificate is visible and also valid. When you run the following command in the Exchange Management Shell: Get-ExchangeCertificate | FL you will see RootCAType : Registry in the output.
The problem in this case was that the Root CA certificate (here the GoDaddy Root CA certificate) was only present in the Trusted Root Certification Authorities store and NOT in the Third-Party Root Certification Authorities store.
Open an MMC window and add the Certificates snap-in for the Local Computer account, browse to the Trusted Root Certification Authorities / Certificates store and export the Root CA certificate (if it is not available at all, get the certificate from your provider).
Then browse to the Third-Party Root Certification Authorities / Certificates store, right-click it, choose All Tasks and then Import. Follow the wizard and import the exported certificate into the selected store.
You should now see the Root CA certificate in the Third-Party Root Certification Authorities / Certificates store.
When you run the following command in the Exchange Management Shell again: Get-ExchangeCertificate | FL you will now see RootCAType : ThirdParty in the output.
When you now go through the Exchange Manage Hybrid Configuration wizard you should be able to select the certificate and complete the wizard.
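The same store-to-store copy can be done from an elevated Exchange Management Shell. This is an added example, not part of the original post; it assumes the thumbprint placeholder is replaced with the root CA thumbprint published by your certificate provider, and it uses the .NET store names Root (Trusted Root Certification Authorities) and AuthRoot (Third-Party Root Certification Authorities).

```powershell
# Added example (not from the original post). Run elevated on the Hub Transport server.
# ASSUMPTION: placeholder value; replace with the SHA-1 thumbprint of the root CA
# as published by your certificate provider, so only the intended root is copied.
$Thumbprint = '<ROOT-CA-THUMBPRINT-FROM-PROVIDER>'

# Normalise the thumbprint: MMC copies often contain spaces or hidden characters.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($clean.Length -ne 40) { throw "Thumbprint must be 40 hex characters." }

$storeType = 'System.Security.Cryptography.X509Certificates.X509Store'

# 1. Read the certificate from Trusted Root Certification Authorities (Local Computer).
$root = New-Object $storeType('Root', 'LocalMachine')
$root.Open('ReadOnly')
$cert = $root.Certificates | Where-Object { $_.Thumbprint -eq $clean }
$root.Close()

if (-not $cert) {
    throw "No certificate with thumbprint $clean in LocalMachine\Root; get it from your provider."
}

# 2. Sanity checks before extending trust: must be a self-signed root and not expired.
if ($cert.Subject -ne $cert.Issuer) { throw "Certificate is not a self-signed root CA." }
if ($cert.NotAfter -lt (Get-Date))  { throw "Root CA certificate expired on $($cert.NotAfter)." }

# 3. Add it to Third-Party Root Certification Authorities unless it is already there.
$third = New-Object $storeType('AuthRoot', 'LocalMachine')
$third.Open('ReadWrite')
try {
    $present = $third.Certificates | Where-Object { $_.Thumbprint -eq $clean }
    if ($present) {
        Write-Host "Already present in LocalMachine\AuthRoot: $($cert.Subject)"
    } else {
        $third.Add($cert)
        Write-Host "Copied to LocalMachine\AuthRoot: $($cert.Subject)"
    }
} finally {
    $third.Close()
}

# 4. Verify: the Exchange certificate should now report RootCAType : ThirdParty.
Get-ExchangeCertificate | Format-List Thumbprint, Subject, Services, RootCAType
```

The script only copies a certificate that is already trusted on the machine; if the root is missing from both stores, import the provider's file through the MMC wizard as described above after checking its thumbprint.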