MailStore Error ‘The certificate with identifier used to sign the client assertion is expired on application. [Reason – The key used is expired’

This is a common issue as the Application certificate that has been created in MailStore and uploaded to Azure Portal will have expired. To resolve this you need to create a new certificate within MailStore and upload it to the mailstore registered APP in the Azure portal.

The steps to do this are..


  1. Open the MailStore Client, login as An Administrator and navigate to Administrative Tools > Users and Archives > Directory Services.
  2. You should already be using the Directory Services Type ‘Microsoft 365 ( Modern Authentication).
    Under the Connection > Credentials section click on the three dots after the pull-down menu to open the Credentials manager.
  3. Select and edit the Credentials you have previously created.
  4. Click on the small down arrow after the certificate section, and choose ‘Create Certificate’.
  5. Click on the small down arrow after the certificate section, choose ‘Download Certificate’ Name and save the certificate to a local folder.
  6. Choose OK to save the changes within the Credentials.
  7. Choose ‘Apply to apply these changes in the credential Manager and close it.
  8. Open the Azure Portal and navigate to the App Registrations (Direct link
  9. Select the MailStore application within the ‘All applications’ section.
  10. On the left hand menu select ‘Certificates & Secrets’.
  11. Click on ‘Upload certificate’.
  12. Select the file you previously saved and  add a description and click add to add the certificate.
  13. Take note of the Expiry date, we recommend adding a calendar reminder before this date to repeat this process.