Exchange certificates mismatched address

Do you have these names in your certificate?

1. mail.domain.com (common name)
2. autodiscover.domain.com
3. Internal FQDN  (not a good practice as in future you cannot add internal FQDN)

Can you post a screenshot of the error

do have it assigned to mail.caran.local
3.png
1.png
2.png

Check the attachment and see whether you have these names listed in "Subject Alternative Name"

Please check this as well
http://www.ehow.com/how_5054848_remove-certificate-flags-internet-explorer.html
certscreenshot.png

This is what I have, should it be different? if so how would I alter these settings?
4.png

you should reissue the cert with SANs included(i.e. include the above mentioned names)

I don't understand? which ones do I add? I already have the ones listed above in my SANS list

You should access your server by this name
https://mail.domainname.local/owa  not https://mail/owa

By default it will open https://mail.domainname.local/owa   if you create a redirect in IIS

Check this for redirect
http://social.technet.microsoft.com/wiki/contents/articles/simplify-the-outlook-web-app-url-in-exchange-server-2010.aspx

what about for the external owa how would i set that up?

Create a new Forward Lookup Zone in DNS  server same as your external domain name.
and create an A record in the newly created zone "mail" pointing to you internal IP.

This way internal and external OWA access URL will become the same.

or

if you want to access your owa  by https://mail/owa 
you have to add mail as SAN in your certificate
(in this case internal and external access  URL will be different)

We have a Sonicwall NSA4500 - do we need to add or change anything in that to make the OWA available from the outside?