EJBCA certs not working in Exchange Online/Outlook

[z-privoro]

I've created a RootCA and generated a public-private key pair for my Exchange Online environment. I publish the public key to my account in Exchange Online using Powershell. I also publish a .sst file to Exchange Online containing the RootCA generated by EJBCA. But when I attempt to send an S/MIME encrypted email using the certs created in EJBCA, Outlook give me an error saying the certs can't be found or are invalid. When I use certs created using OpenSSL, everything works fine. It's only the EJBCA certs that cause a problem.

Is there a parameter or setting in EJBCA that I need to have enabled?

[primetomas]

For S/MIME it is important which fields you include in the certificates. You configure the fields in your certificates in EJBCA in the Certificate Profiles. If you have a working certificate from somewhere else you can use that as a template, i.e. list the field (openssl x509 ...) and configure your certificate profile in the same way. Then you can verify that you certificate issued from EJBCA have the same fields (i.e. similarly with openssl x509 ... for example).