Tridion Docs - The X.509 certificate CN=[...] is not in the trusted people store

When you connect to LiveContent Architect or Knowledge Center Content Manager WebUI with a web browser you  see the error message The X.509 certificate CN=[...] is not in the trusted people store.
CN=... is the subject name of a certificate used by the installation.
 

There are 2 options to get further.
1)     Is finding out why the application server cannot retrieve the CRL. Probably due to firewalls and proxy server restrictions. Sometimes an application server in DMZ is not allowed to connect outside of its DMZ.
2)     The other option is to extract a public key only certificate (right click on the certificate in the computer - personal store) and save it as cer file.
        Then import this cer file into the Trusted people container of the certificate store. Then it will only do a peer trust validation and not a chain trust validation.
Configure the \InfoShare\Web\Author\ASP\Web.config and \InfoShare\Web\InfoShareWS\Web.config  certificateValidation - certificateValidationMode to do PeerOrChainTrust (default setting) or PeerTrust.

The LCA or KC CM application server is unable to do chain trust validation. Chain trust validation means that the application server checks with the certificate authority that signed the certificate if the certificate is revoked or not.
If you open the certificate Details there is a CRL Distribution Point property. This contains http urls that point to crl file (for example http://crl3.digicert.com/ssca-sha2-g4.crl) .

If the application cannot retrieve this crl file from the certificate authority, the chain trust validation fails.

Also see:
Troubleshooting Relying parties and Certificate issues