An administrator asks:
"I'm trying to configure SSL for OWA 2007. When I try to access OWA via using //mail.mydomain.com/owa, I receive an error message: Security Error: Domain Name Mismatch"
This means the certificate you created does not have the correct domain name. To make it easier to get the domain configured correctly, you can use the Digicert Wizard to generate the cmdlet you need to create the correct certificate.
Paste the resulting cmdlet into the Exchange management shell and press Enter to create the CSR which you'll use to request the certificate. If you have your own certificate server issue the certificate, external users will need to install the Root CA to prevent this error. Purchasing a public certificate will eliminate the error as well.
Exchange 2007, Certificates, and POP3/IMAP clients
An organization recently upgraded to Exchange Server 2007 and has a problem with their security certificate: users accessing the server with Outlook Express receive the following message every time they open the program:
The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you want to continue using this server?
Clicking Yes works, but these dialogs get old fast.
This is a common problem with self-signed certificates. The users need to add the certificate to the local
certificate store on their computer. If Outlook Express isn't presenting a dialog that allows users to view and install the certificate, users can log into OWA to download it (assuming you use the same certificate for OWA), otherwise the administrator needs to send it to the users or provide a link to download it. Once its added to the local store, the warning will stop.
Outlook Anywhere (RPC over HTTP) and self certs
Having trouble with RPC over HTTP and using a self-issued certificate?
You need to install the certificate on your computer first. RPC over HTTPS doesn't trigger a dialog asking if it is ok to connect to an untrusted server, it just fails.
To install the certificate on your workstation, export the certificate from the Certificate Manager on the server and install it under Trusted Root Cert Authority on your Local Computer.
Troubleshooting RPC over HTTP Communications
More Information
MSKB Articles:
Outlook connection issues with Exchange 2010 mailboxes due to RPC encryption requirement
Outlook displays the Security Alert dialog box when Exchange is using a self-signed certificate