SSL Certificate
I installed an SSL Certificate on my Exchange 2007 server. I included the IIS and SMTP services when I installed it using the Import-ExchangeCertificate and Enable-ExchangeCertificate commands. Now I get a certificate error when my users are in Outlook on my network.
The security certificate is from a trusted certifying authority.
The security certificate date is valid.
The name on the security certificate is invalid or does not match the name of the site.
How can I remove the new SSL certificate from the SMTP service and use the one generated when I installed Exchange 2007?
PDC
April 15th, 2010 4:45pm

Is this what you are seeing?
http://support.microsoft.com/kb/940726
Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
April 15th, 2010 4:50pm

I ran all of the commands and the issue is still occurring. Do I need to reboot the Exchange server?
PDC
April 15th, 2010 5:42pm

I ran the commands in the article you suggested and the problem is still occurring.
PDC
April 15th, 2010 7:53pm

What URL isn't matching? Test Email AutoConfiguration following the steps here:
http://msexchangeteam.com/archive/2007/03/05/436656.aspx
Then look at the results and find the URL that doesn't match the FQDN on the cert.
April 15th, 2010 8:32pm

I found that when I change:
Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri https://webmail.mycompany.com/autodiscover/autodiscover.xml
The issue disappears, but when I run the "Test Email Autoconfiguration" utility it fails. I replace CAS1 with my local server name (dpserver03). I replace webmail.mycompany.com with wm.pdcarea.com, which is the certificate I installed. Any help is appreciated.
PDC
April 15th, 2010 11:44pm

Do the necessary URLs exist in the DNS your client is using and point to the client access server? (wm.pdcarea.com?) Also, as an extra check, run ExBPA against the server.
April 16th, 2010 2:33am

I added wm.pdcarea.com into the DNS server, and the error started again.
PDC
April 16th, 2010 4:10am

And are the URLs set correctly per that KB article? Everything has to match. The URLs defined in AD and the FQDN defined on the certificate you applied to the Client Access Server. I would walk through that article again and confirm all the settings are correct.
April 16th, 2010 5:12am
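
Added example, not part of the original thread: one way to check the "everything has to match" condition described above is to compare the host name in each HTTPS URL that Autodiscover hands out with the names on the certificate enabled for IIS. It assumes the Exchange Management Shell is running on the Client Access server itself; the variable and function names are illustrative. Rows where OnCertificate is False are the URLs that produce Outlook's name-mismatch warning.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell on the
# Client Access server; cmdlets and properties are the Exchange 2007 ones.
$server = $env:COMPUTERNAME   # assumption: local machine is the CAS (dpserver03 in the thread)

# Certificate currently enabled for IIS and the host names it covers.
$cert = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } | Select-Object -First 1
if (-not $cert) { throw "No certificate is enabled for IIS on $server" }
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# True when $HostName is covered by a certificate name; a wildcard entry
# (*.example.com) covers exactly one additional label.
function Test-NameOnCert([string]$HostName, [string[]]$Names) {
    $h = $HostName.ToLower()
    foreach ($n in $Names) {
        if ($n -eq $h) { return $true }
        $dot = $h.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and $h.Substring($dot) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

# URLs that Autodiscover returns to Outlook (label, value) pairs.
$urls = @()
$urls += ,@('Autodiscover internal URI', (Get-ClientAccessServer -Identity $server).AutodiscoverServiceInternalUri)
foreach ($vd in @(Get-WebServicesVirtualDirectory -Server $server)) {
    $urls += ,@('EWS internal', $vd.InternalUrl)
    $urls += ,@('EWS external', $vd.ExternalUrl)
}
foreach ($vd in @(Get-OabVirtualDirectory -Server $server)) {
    $urls += ,@('OAB internal', $vd.InternalUrl)
    $urls += ,@('OAB external', $vd.ExternalUrl)
}
foreach ($vd in @(Get-UMVirtualDirectory -Server $server)) {
    $urls += ,@('UM internal', $vd.InternalUrl)
}

# Report each HTTPS URL and whether its host name is on the certificate.
foreach ($u in $urls) {
    if (-not $u[1]) { continue }                  # URL not configured
    $uri = [Uri]"$($u[1])"
    if ($uri.Scheme -ne 'https') { continue }     # plain HTTP URLs never present the cert
    $row = "" | Select-Object Setting, Url, OnCertificate
    $row.Setting = $u[0]
    $row.Url = $uri.AbsoluteUri
    $row.OnCertificate = Test-NameOnCert -HostName $uri.Host -Names $certNames
    $row
}
```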

When I point all the URLs to the internal computer name of the server it attempts to open the wm.pdcarea.com SSL certificate. It is the AutoDiscover URL that is causing the issue. The "Test Email Autoconfiguration" utility confirms that the URLs are correct. I'm guessing that when I install the wm.pdcarea.com SSL it overwrote the dpserver03 certificate generated by Exchange. I don't know how to rectify this situation.
PDC
April 16th, 2010 7:54pm

Correct, when you used Enable-ExchangeCertificate, it applied the cert to the services you listed. You can always undo that by enabling the services against the other cert, though I'm still not quite clear why this isn't working for you and which cert you want to use.
April 16th, 2010 8:00pm

I want to use the wm.pdcarea.com cert for Internet web mail access to the Exchange 2007 server.
PDC
April 16th, 2010 8:07pm

Will internal Outlook users connect to that FQDN as well? Or another URL? Does this certificate have multiple names (i.e. a SAN/UCC certificate) or only wm.pdcarea.com?
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
http://msexchangeteam.com/archive/2007/04/30/438249.aspx Exchange 2007 Autodiscover and certificates
http://msexchangeteam.com/archive/2007/02/19/435472.aspx Exchange 2007 lessons learned - generating a certificate with a 3rd party CA
April 16th, 2010 11:34pm

No, internal Outlook users will not connect to wm.pdcarea.com. Internal users can use https://dpserver03/owa which works now. Only Internet OWA users will use wm.pdcarea.com. It is not a UCC cert.
PDC
April 17th, 2010 12:24am

Sounds like you need a UCC cert or use the single name cert and take a look at this article to make it work for you:
http://www.amset.info/exchange/singlenamessl.asp Exchange 2007 Single Name SSL Certificate
April 17th, 2010 1:45am

Hi, I agree with Andy. In a real-world scenario, we suggest you use a SAN certificate.
More on Exchange 2007 and certificates - with real world scenario
http://msexchangeteam.com/archive/2007/07/02/445698.aspx
Thanks, Elvis
April 19th, 2010 10:08am

Thanks for everyone's help. I purchased a SAN certificate and everything is working properly. I only enabled the IIS service. Should I consider other services?
PDC
April 20th, 2010 6:45pm

IMAP and POP3 and SMTP if required. Glad you got it working!
April 20th, 2010 8:11pm

Be glad to hear it's working now.
April 21st, 2010 4:49am
