Users may receive an error when importing an S/MIME Certificate on G-Suite with Enhanced Encryption settings enabled on their account.

Error Message:
Invalid Certificate - The X.509 Certificate isn't trusted. Review the documentation and replace the certificate.

Root Cause:
The error will occur when the user imports an Email Certificate (with a validity lifespan of more than 27 months). As per G Suite requirements, the validity period of an Email CertificateMUST not exceed 27 months.

It is recommended that the user have a 1 year or 2 year Email Certificate when enabling the Enhanced Encryption setting on G Suite.

Reference: https://support.google.com/a/answer/7300887 ( See 'End Entity Certificate' section )