Outlook clients report a certificate name mismatch after an SSL certificate is added to an Exchange Server
"The name on the security certificate is invalid or does not match the name of the site"
This message appears frequently, usually within a few moments of opening Outlook.
The cause is that the server passes its certificate to Outlook clients, which detect that the webmail address on the certificate does not match the internal name of the server.
Internal Server name: exchange.local
Webmail address: http://webmail.company.net/owa
Certificates which reference domains that a company does not own are now usually not available. For example, you will likely not be able to purchase a certificate that contains both your webmail address (a domain which you own) and your internal addressing scheme (for example, .local), which you do not own.
One solution to this is to use an internal addressing scheme which matches the domain that you own. For many companies, this is not practical without an entire forest migration.
The solution is to modify settings on the Exchange server so that Outlook clients reach the resources they need using the external address.
Set-WebServicesVirtualDirectory -Identity "exchange\EWS (Default Web Site)" -InternalUrl https://webmail.company.net/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "exchange\oab (Default Web Site)" -InternalUrl https://webmail.company.net/oab
This last command is not required on Exchange 2010:
Set-UMVirtualDirectory -Identity "exchange\unifiedmessaging (Default Web Site)" -InternalUrl https://webmail.company.net/unifiedmessaging/service.asmx
Always test changes immediately, ensuring that both Outlook clients and webmail clients function correctly.
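The check below is an added example, not part of the original article: it compares the host name in each internal URL with the names on the certificate, which is the comparison Outlook fails on when it shows the warning. The function names are hypothetical and the sample values are constructed from the article's example names; on a live server the inputs would come from Get-ExchangeCertificate and the Get-*VirtualDirectory cmdlets.

```powershell
# Added example: flag internal URLs whose host name the certificate does not cover.
function Test-CertNameCoversHost {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.company.net matches
        # webmail.company.net but not a.b.company.net or company.net itself.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)   # e.g. ".company.net"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Find-UrlNameMismatch {
    param([hashtable]$InternalUrls, [string[]]$CertNames)
    foreach ($service in ($InternalUrls.Keys | Sort-Object)) {
        $uri = [Uri]$InternalUrls[$service]
        [pscustomobject]@{
            Service = $service
            Host    = $uri.Host
            Scheme  = $uri.Scheme
            Covered = Test-CertNameCoversHost -HostName $uri.Host -CertNames $CertNames
        }
    }
}

# Constructed sample data based on the article's example names.
$certNames = @('webmail.company.net')
$internalUrls = @{
    EWS = 'https://exchange.local/ews/exchange.asmx'   # internal name, before the change
    OAB = 'https://webmail.company.net/oab'            # external name, after the change
}

# Rows with Covered = False are the URLs that still trigger the Outlook warning.
Find-UrlNameMismatch -InternalUrls $internalUrls -CertNames $certNames |
    Format-Table -AutoSize

# On a live server, take the real inputs from the Exchange Management Shell:
#   Get-ExchangeCertificate            (CertificateDomains property)
#   Get-WebServicesVirtualDirectory    (InternalUrl property)
#   Get-OabVirtualDirectory            (InternalUrl property)
```

With the sample data, the EWS row reports Covered = False and the OAB row reports Covered = True.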
If you require additional information, please contact Stone support. A range of support services are available to assist customers.