Q: I've just replaced the preinstalled Secure Sockets Layer (SSL) certificate for the default Web site in Microsoft IIS on my Exchange 2007 server. The preinstalled certificate had the name of the Fully Qualified Domain Name (FQDN) host name. Now, to be able to browse Outlook Web Access (OWA) or synchronize via Exchange ActiveSync (EAS), I decided to replace the SSL certificate with one named mail.domain.com. I'm now able to use OWA via the Internet, but my Microsoft Office Outlook 2007 client comes up with a certificate warning every time I access my mailbox: Name on the Security Certificate is Invalid or Does not Match.... Do you know what’s causing the warning and how to fix it?

A: According to the Exchange 2007 Help file, when you create a certificate or certificate request for a Client Access server, you need to include the following set of domain names in the request:

  • Local or NetBIOS name of the server—for example, owa1
  • All the accepted domain names for the organization—for example, contoso.com
  • The FQDN for the server—for example, owa1.contoso.com
  • The Autodiscover domain name for the domain—for example, Autodiscover.contoso.com
  • The load-balance identity of the server if you’re using one—for example, owa.contoso.com

For more information about SSL and the Client Access server role, see "Managing SSL for a Client Access Server" and "How to Configure SSL Certificates to Use Multiple Client Access Server Host Names."
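
As an added example (not from the Exchange Help file or the original answer), the PowerShell below builds the name list from the bullets above and reports which names a certificate does not carry. The function names, the single-name sample certificate, and the `C:\cas.req` path are assumptions made for illustration; the host names are the answer's contoso.com samples.

```powershell
# Added example. Builds the name set the answer lists for a Client Access server.
function Get-RequiredCasNames {
    param(
        [string]   $NetBiosName,
        [string[]] $AcceptedDomains,
        [string]   $ServerFqdn,
        [string]   $LoadBalanceName   # leave empty when no load balancer is used
    )
    $names = @($NetBiosName) + $AcceptedDomains + @($ServerFqdn)
    foreach ($d in $AcceptedDomains) { $names += "autodiscover.$d" }
    if ($LoadBalanceName) { $names += $LoadBalanceName }
    # Host name matching is case-insensitive: normalise and de-duplicate.
    $names | ForEach-Object { $_.ToLower() } | Sort-Object -Unique
}

# Returns the required names that the certificate does not cover.
# Assumption: exact-name comparison only, wildcard entries are not expanded.
function Get-MissingCertNames {
    param([string[]] $Required, [string[]] $CertificateDomains)
    $have = @($CertificateDomains | ForEach-Object { $_.ToLower() })
    $Required | Where-Object { $have -notcontains $_.ToLower() }
}

$required = Get-RequiredCasNames -NetBiosName 'owa1' `
    -AcceptedDomains @('contoso.com') -ServerFqdn 'owa1.contoso.com' `
    -LoadBalanceName 'owa.contoso.com'

# Constructed sample: a certificate issued for one external name only,
# like the replacement certificate described in the question.
$certDomains = @('mail.contoso.com')
# In the Exchange Management Shell the live list can be read instead:
#   $certDomains = Get-ExchangeCertificate |
#       Where-Object { $_.Services -match 'IIS' } |
#       ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }

$missing = @(Get-MissingCertNames -Required $required -CertificateDomains $certDomains)
if ($missing.Count -eq 0) {
    'Certificate covers every required name.'
} else {
    'Missing from certificate: ' + [string]::Join(', ', $missing)
    # Exchange 2007 syntax; only runs where the Exchange cmdlets are loaded.
    if (Get-Command New-ExchangeCertificate -ErrorAction SilentlyContinue) {
        New-ExchangeCertificate -GenerateRequest -Path 'C:\cas.req' `
            -SubjectName 'cn=mail.contoso.com' `
            -DomainName (@('mail.contoso.com') + $required)
    }
}
```

With the constructed single-name certificate, all five required names are reported as missing, and the generated request lists them alongside the external name.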