We have a client with an SBS11 server which has IIS and Exchange secured by a single-site certificate for mail.domain.com, purchased from rapidssl.com. When configuring Outlook on remote clients, we get an error for autodiscover.domain.com which says "the name on the security certificate is invalid or does not match the name of the site". (Local clients connect to Exchange without any certificate errors in Outlook.)
I've followed the instructions at this site to update all of the URLs to match the certificate name, but that had no effect. http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx
The client would prefer to use a single-site cert as opposed to a SAN cert for cost reasons. (Under $50/year as opposed to $150-$200/year.) This isn't a deal breaker as everything works, we would just prefer that the users not have to click Yes to the certificate error every time they start Outlook.
I've attached the results of running the command "Get-ClientAccessServer -Identity SERVERNAME | FL".