Exchange 2010 SSL Certificate Error

exchange

Right,
I want to issue a certificate for web mail access to Exchange, so I've created a request for mail.domain.com (no other domains).

I've then completed the certificate request, imported it, and issued the 'IIS' service to the new cert; all other services are still assigned against the locally assigned cert.

However, when I open Outlook I get:

Outlook is seeing the certificate issued to CN: mail.domain.com, but locally the server is known as exchangeserver.local, hence the names do not match.
I've tried adding autodiscovery and the local name to the cert, but it makes no difference. What am I missing?

Best Answer

Changing the internal server names, as suggested by MichelZ, is one option, but personally, I find it a lot easier to add a bunch of names to the SAN (Subject Alternative Names) field in the certificate.

The corporate Exchange server I manage, for example, has 17 SANs on the certificate - so there are 18 names the users can use to access the mail server without generating a certificate error.

Either way, make sure your certificate is loaded in both IIS and Exchange, though.
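
The name check behind the warning, as an added example that is not part of the original question or answer: it reports which names a client might connect to are not covered by a certificate. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, `autodiscover.domain.com` is an assumed name, and the wildcard handling goes beyond what the thread discusses.

```python
"""Report which client-facing host names a certificate does not cover."""

def cert_dns_names(cert):
    """Return DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    sans = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # RFC 6125: with DNS SANs present, the CN is not consulted
    # No SAN extension: fall back to the subject's commonName
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def uncovered(cert, client_names):
    """Names that would trigger a name-mismatch warning for this certificate."""
    names = cert_dns_names(cert)
    return [h for h in client_names if not any(name_matches(p, h) for p in names)]

# Constructed sample data modelled on the question
SINGLE_NAME_CERT = {
    "subject": ((("commonName", "mail.domain.com"),),),
    "subjectAltName": (("DNS", "mail.domain.com"),),
}
SAN_CERT = {
    "subject": ((("commonName", "mail.domain.com"),),),
    "subjectAltName": (
        ("DNS", "mail.domain.com"),
        ("DNS", "autodiscover.domain.com"),
        ("DNS", "exchangeserver.local"),
    ),
}
# Names Outlook may be directed to; autodiscover.domain.com is an assumption
CLIENT_NAMES = ["mail.domain.com", "autodiscover.domain.com", "exchangeserver.local"]

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME_CERT), ("SAN", SAN_CERT)):
        print(label, "certificate leaves uncovered:", uncovered(cert, CLIENT_NAMES))
```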