Different website names for Outlook Anywhere and OWA -> certificate error
We have all Outlook 2003 clients configured with RPC over HTTPS using exchange.domainname.com, and users use mail.domainname.com to access their OWA. So I configure "external host name" for Outlook Anywhere to be exchange.domainname.com, and I configure both "internal url" and "external url" on the owa directory to be mail.domainname.com. I make sure I install the 2 separate public certificates and enable them for IIS. Then what I'm experiencing is that the exchange cert gets bound to the default website, and when I try to access mail.domainname.com/owa my browser throws a certificate mismatch error. What would be my options to get this to work? (Without having to change Outlook config, or teach users to use a different URL for OWA.) Thanks, Andre.
January 18th, 2007 8:23pm

I'm sure you need this article: How to Configure SSL Certificates to Use Multiple Client Access Server Host Names
January 19th, 2007 7:39am

Jammy, thanks, I had read that article a few times already... However, it assumes that you are in a position to get 1 single cert to cover all your bases... Although a great idea in theory, it isn't something that always works out in practice... In my situation: I can create any certificate I want with my internal CA (which will ONLY be trusted by computers that are part of our domain). This is OK for internal access, and even Outlook Anywhere (RPC); however, I want my OWA to be accessible from public non-domain computers as well, so I wish to use our publicly signed domain wildcard certificate for that. I guess what I'm looking for is instructions to move some of the Exchange virtual directories to different websites so they can have a different certificate (and I can live with it if that means an additional IP address as well). I'm also still puzzled as to what the function of the internalurl and externalurl fields is ;-) Andre.
January 20th, 2007 12:50am

Andre, in my case I also use internal and external URLs for our clients to access OWA, Outlook Anywhere, SMTP, POP3... The only difference from your situation is that I have only one certificate on the Client Access Server role (using multiple host names in this certificate). In your case I would suggest you deploy two CAS in your AD site, one for the internal URL and the other for the external URL.
January 22nd, 2007 5:48am

Hello guys, after a few days of research I found the cause of this problem, and I wanted to post this because I hope you won't waste the time as I did. The problem is much simpler than you think, because Exchange autogenerates the certificate even if a CA is not present in the AD. Then, when you would like to use Outlook Anywhere, you have to generate a certificate with an external name, otherwise RPC over HTTPS won't work. But if you do this, Outlook 2007 shows a certificate error when you open it. To solve the problem we need to generate a certificate with multiple server names. You must generate the request directly from the Exchange Management Shell. Follow the instructions at this link: http://technet.microsoft.com/en-us/library/aa995942.aspx Ciao, Emanuele
March 21st, 2007 5:48pm
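
Added example, not part of the original thread or of the linked article: one way to script the multi-name certificate approach described in the post above from the Exchange Management Shell, then confirm that the certificate bound to IIS lists both host names from this thread. The file paths and the subject string are placeholders chosen for illustration.

```powershell
# Run in the Exchange Management Shell on the Client Access server.
# Host names are the two used in this thread; paths below are assumed placeholders.
$names   = 'mail.domainname.com', 'exchange.domainname.com'
$reqPath = 'C:\certs\cas.req'   # where the certificate request is written
$cerPath = 'C:\certs\cas.cer'   # where you save the certificate the CA issues

if (-not (Test-Path $cerPath)) {
    # Step 1: request one certificate whose subject alternative names list
    # every host name clients connect to (OWA and Outlook Anywhere).
    New-ExchangeCertificate -GenerateRequest -Path $reqPath `
        -SubjectName "cn=$($names[0])" `
        -DomainName $names -PrivateKeyExportable $true
    Write-Host "Submit $reqPath to the CA, save the result as $cerPath, then run this again."
    return
}

# Step 2: import the issued certificate and enable it for IIS.
$cert = Import-ExchangeCertificate -Path $cerPath
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# Step 3: check that an IIS-enabled certificate covers each host name,
# which is the condition the browser and Outlook test for.
$bound = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
foreach ($name in $names) {
    $match = $bound | Where-Object {
        ($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $name
    }
    if ($match) {
        Write-Host "OK       $name"
    } else {
        Write-Warning "MISSING  $name is not on any certificate enabled for IIS"
    }
}
```

A host name reported as MISSING is one that will produce the mismatch error described in the first post when a client connects to it.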

Thanks Emanuele, I had since posting figured out how to resolve this. See also http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1161830&SiteID=17 Andre.
March 28th, 2007 4:12pm

This topic is archived. No further replies will be accepted.
