Question : Internal Cert Issue

Have recently upgraded a local non-profit to Exchange 2010. The upgrade has largely gone very well.

Internal users receive an error on opening of Outlook 2007 stating there is a name mismatch in the cert.

Our scenario:

The internal domain name (xxxx.com) and external domain name (yyyyy.org) are different. The external domain name is owned by the non-profit, the internal domain name is actually owned by another party (legacy of previous IT administrations). We are pursuing the purchase of the internal domain name.

The perfect solution would have been to purchase a UCC, but as the internal domain name is owned by another party.....

We do have the cert installed for the external domain and external users are able to connect via web, etc with no problems.

The only real issue is dealing with internal users of Outlook 2007 (approximately 45 in number) and how to best resolve the cert error that is received when Outlook is opened. We have investigated self-signed certs for internal use, as well as an internal CA.

Our environment is Windows 2003/Windows 2008 DCs. Exchange is running on Windows 2008.

We are open to either the self-signed or internal CA option. There seems to be a lack of concise directions for our particular scenario. Any guidance would be very much appreciated.

Answer : Internal Cert Issue

Outlook 2007 connects not only to your Client Access Server "external.company.com" but also connects to webservices running on your CAS for "Offline Addressbook, Availability Service and Unified Messaging"

Please go through.
http://www.pro-exchange.eu/modules.php?name=News&file=article&sid=345
http://www.folin.se/index.php/2008/09/04/outlook-2007-security-alert-the-name-of-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site/michaelfolin