private static void WarnIfNotBestMatch(ExchangeCertificate certificate, IConfigurationSession session, Server server, List <LocalizedString> warningList) { if (warningList == null) { return; } X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine); try { x509Store.Open(OpenFlags.ReadOnly); using (ChainEngine chainEngine = new ChainEngine()) { IEnumerable <ManageExchangeCertificate.FqdnConnectors> connectorFQDNs = ManageExchangeCertificate.GetConnectorFQDNs(session, server); foreach (ManageExchangeCertificate.FqdnConnectors fqdnConnectors in connectorFQDNs) { X509Certificate2 x509Certificate; if (ManageExchangeCertificate.CertificateHasLowerPrecedence(x509Store, chainEngine, fqdnConnectors.Fqdn, certificate, out x509Certificate)) { if (!new ExchangeCertificate(x509Certificate).IsSelfSigned) { warningList.Add(Strings.WarnCertificateWillNotBeUsedBestIsPKI(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors)); } else { warningList.Add(Strings.WarnCertificateWillNotBeUsed(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors)); } } } } } finally { if (x509Store != null) { x509Store.Close(); } } }