Last week I replaced the expired POA certificates on 3 Post offices. We use a wildcard certificate with separate private keys for each POA. These are the same type and vendor that we had for the last 3 years.
My Windows 7 and Windows 10 clients with GW 2014 and GW 2018 clients have had no problems (except for when I forgot to restart the agents after updating the certificates). My Mac clients with Sierra and High Sierra get a pop-up every time they open their mailbox and every time they proxy. The pop-up has a link to inspect the certificates that doesn't work. The only options are to accept or reject the cert.
I thought installing the certificates on each Mac would fix it. So far it's reduced the number of times the user is prompted, but that's it.
A couple of other anecdotal observations:
[INDENT]If I connect to the web interface with Chrome or Safari, which have the same certificates, I have no problems. The certificates are great.
When I received an email from a vendor with HTML protected by the same type of cert (wildcard and from the same CA), I get an error that claims the intermediate CA isn't present in the certificate. [/INDENT]