I hate Certificates

So, today I got a call because a user was getting an error opening outlook. The company's certificate had expired the day before. I looked and it seemed like it was just a self-signed cert, so I went through the process outlined to renew an exchange 2008 cert, and put it in place, then removed the old one. Guess what? Now the user's getting an error because the certificate isn't from a trusted authority. WTF?!? It didn't have a problem with the old one, but now that one was gone so I couldn't just look at the certificate and see where it came from. The real problem though, was the fact that the domain didn't even have a proper CA, so the cert ended up just being installed locally on the machine. After manually installing the new cert on the user's workstation, everything was just fine, which is stupid because now we'll have to do that for every other user that's got a version of outlook that's running SSL.