On a new Exchange install. I had a 3rd party cert for owa (iis service). I accidentally put SMTP on it. That caused security warnings in outlook as the cert has a different site (our internal domain is mydomain.loc external mydomain.com).
Since you cannot remove a service from a cert, I put them all back on to the self signed one. Removed the 3rd party one, re imported 3rd party one, added just the iis service to that.
However the outlook clients are still complaining about the cert. Why? Is there some service i need to restart to apply this, maybe client access or hub transport? As far as I know internal outlook clients could care less about the iis cert.