We have 2 lync front end servers, with a internal certificate from our internal ROOT CA and a Public CA certificate.

Nothing was changed, we have noticed that when we launch lync control panel we receive a cetificate error "the name on the certificate is invalid or does not match the name"

When we check the certificate details it shows the Public SAN cetificate and if we continue it gives a access denied error.

All the services are up and when we run the deployment wizard it shows all the certs as valid and assigned. 

We tried unassign and reassign the certificates and reboot, still it gives the same security alert and cert error.

The Control panel opens up  when we try https://servername.domainname.com/cscp or https://poolname.domainname.com/cscp from IE

The CSCP should be using the internal certificate, are you using a hardware load balancer for the Lync Web Services? Seems as though you are hitting the Lync Web External Web services page. Did you specified an Internal Lync web services URL in the Topology builder, is this configured on the Hardware load balancer with the Internal cert?

We have a Kemp Load master and i noticed that certificate assigned for Lync web services internally on port 443 was a Public SAN Cert.

I changed the Cert to internal cert. Now i get error "navigation to this page was cancelled" "This program cannot display the webpage"

Make sure the Kemp Load Master trusts the root certificate for your Internal CA. 

I have happened to see the error "Navigation to this page was cancelled" on Lync control panel.

The following is my conclusion to troubleshoot this error.

On Lync Front End Server.

1. Click Start, click Administrative Tools, and then click the Internet Information Services (IIS) Manager.
2. In the Connections pane, expand the Web service.
3. Expand Sites, and then click Lync Server Internal Web Site.
4. Expand Lync Server Internal Web Site, click cscp.
5. in the Actions panel, click Browser *:443(https).
6. To access the URL https://localhost/cscp. You need to add lync admin account to CSAdministrator group.
7. If the cscp web site doesnt exist, you need to check you have deploy Administrative access URL for Lync control panel access. After you deployed Administrative access URL, you need to run Step2:Setup or Remove Lync Server Components in Lync server Deployment Wizard.
8. If you can access https://localhost/cscp but cant access from Lync Server Control Panel, then you need to check these DNS records below(suppose the domain is contoso.com):

admin.contoso.com

DNS A record for Internal web services.

DNS record for Lync Pool

9.If you cant access https://localhost/cscp, you need to check the SSL certificate binding for Lync Site is correct. you should check the required SANs are added into the certificate.

Sorry for a very delayed reply. I can access https://localhost/cscp. From the front end servers.

DNS records are correct lyncpoo1.domain.com , lyncweb-ext.domain.com , lyncweb-int.domain.com.