Cannot use 3rd party Cert with OWA without screwing up clients
Hey everyone, I have an interesting problem. I have moved our company to Exchange 2010 from 2003 and everything went as smoothly as possible except this OWA install. I will make this short: our internal domain is company.INC while our external domain is company.COM. This creates a problem for us when I go to issue a cert for OWA because, as you well know, .INC is NOT a valid FQDN on the internet. So when I apply the 3rd party cert for webmail.company.com, all my internal users start getting the dreaded Security Alert box warning them that "the name on the security certificate is invalid or does not match the name of the site." So I am stuck, since I cannot request a SAN cert because our internal name is not a valid FQDN. How can I get around this?

I have our firewall pointing to our internal IP address for OWA at X.X.X.24, and the default website for Exchange 2010 is X.X.X.20. So I tried assigning the cert in the binding in IIS to just the X.X.X.24 address, but it seems that Exchange also uses the X.X.X.24 address in addition to X.X.X.20, which I do not understand... maybe because my internal DNS resolves the server name to both IPs? Any help would be appreciated, and thank you ahead of time!
August 8th, 2011 8:46pm

Please explain a bit more regarding the actual issue and include error messages, events in the logs, etc. Do also explain how your environment looks and the servers it consists of. Thanks!
Martin Sundström | Microsoft Certified Trainer | MCITP: Enterprise Messaging Administrator 2007/2010 | http://msundis.wordpress.com
August 8th, 2011 8:54pm

We have one Exchange Server 2010 with all roles installed on the same server (Windows 2008 R2 SP1). The issue is that when I use a third party cert for OWA, all my INTERNAL Outlook clients get the Security Alert dialogue box when they use Outlook internally (2007 and 2010). The error message on the dialogue box tells them that the certificate doesn't match the name of the site. They must keep clicking "Yes" every so often in order to use Outlook, which of course is frustrating to the end user.

If I go back to the self-signed cert that Exchange created, it of course works (users do not get prompted every few seconds because the cert is not valid), BUT when you use OWA outside our network it gives you the "Certificate is invalid" error because the cert is the self-signed cert from the Exchange server (which ends in .INC, which is NOT a valid internet FQDN). Our internal domain name is not a valid FQDN because it ends in .INC (this was done before I started), so I cannot use a SAN certificate, because a 3rd party authority (like Verisign) cannot issue a cert for an FQDN that ends in .INC.

Since I cannot use a SAN certificate, the Exchange server wants to use webmail.company.com for the internal Outlook clients to connect to; when they use this cert the name does not match, because internally the server name is servername.domainname.INC and the cert Exchange is trying to use is webmail.company.com. Basically, I want to use the self-signed INTERNAL cert for the Outlook clients to connect to Exchange while on our internal network AND use the 3rd party PUBLIC cert (webmail.company.com) for EXTERNAL OWA access. There is nothing in the logs because this is a soft (annoying) warning from Outlook.
August 8th, 2011 9:45pm

Read this KB for the cert warning: http://support.microsoft.com/kb/940726 Read this for single-name certs and Exchange: http://www.amset.info/exchange/singlenamessl.asp Written for Exchange 2007, but still applies. Add the ECP virtual directory to the list of URLs to configure.
Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
August 8th, 2011 9:56pm
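What the KB referenced above boils down to, as an added worked example (this is not code from the thread or from Microsoft): the warning comes from the HTTPS URLs that Autodiscover hands to domain-joined Outlook clients (EWS, OAB, ECP, OWA, ActiveSync), which by default carry the server's .INC FQDN and therefore never match a public single-name certificate. The fix is to make every internal URL use the name that is on the certificate and to make internal DNS resolve that name to the Exchange server's inside address, so one public certificate is valid from both sides. The server name EX01, the zone/IP values, and the test mailbox below are placeholders for the poster's X.X.X.20 environment; change them before running. Run this in the Exchange Management Shell on the Exchange 2010 server.

```powershell
# Added example: point Exchange 2010 internal URLs at the certificate name (KB 940726 approach).
# Assumptions (placeholders, not from the thread): server EX01, public name webmail.company.com,
# internal IP 10.0.0.20, test mailbox user@company.com.
$Server   = "EX01"
$CertName = "webmail.company.com"
$InsideIP = "10.0.0.20"

# 1. Confirm which certificate IIS is actually serving and that it carries $CertName.
Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" } |
    Format-List Thumbprint, CertificateDomains, NotAfter, Issuer

# 2. Autodiscover: domain-joined Outlook finds this via the AD SCP record, so it must use the cert name.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$CertName/Autodiscover/Autodiscover.xml"

# 3. Internal URLs handed out by Autodiscover. EWS is what Outlook 2007/2010 hits every few minutes
#    for free/busy and OOF, which is why the prompt keeps coming back.
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$CertName/EWS/Exchange.asmx"
Get-OABVirtualDirectory -Server $Server |
    Set-OABVirtualDirectory -InternalUrl "https://$CertName/OAB"
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "https://$CertName/ecp"        # the ECP entry the reply adds
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "https://$CertName/owa"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$CertName/Microsoft-Server-ActiveSync"

# 4. Internal DNS (split-brain). A "pinpoint" zone named after the host avoids having to mirror
#    every public company.com record inside; the '@' node is the zone root, i.e. the host itself.
#    Run on a domain DNS server; dnscmd is the 2008 R2 era tool.
dnscmd . /ZoneAdd "$CertName" /DsPrimary
dnscmd . /RecordAdd "$CertName" "@" A $InsideIP

# 5. Recycle IIS so the new URLs are served, then verify from the server's point of view.
iisreset /noforce
Get-ClientAccessServer -Identity $Server | Format-List AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $Server | Format-List InternalUrl, ExternalUrl
Test-OutlookWebServices -Identity "user@company.com" | Format-Table Id, Type, Message -AutoSize
```

Two caveats a practitioner will want: the certificate the IIS binding presents must be the public one for both the X.X.X.20 and X.X.X.24 addresses (binding it to only one IP, as tried in the question, leaves the other address answering with the self-signed certificate), and Outlook only picks up the new URLs after its next Autodiscover refresh, so test with a freshly restarted Outlook rather than waiting for the prompt to stop on its own.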

