External (Outlook Anywhere) clients are getting a certificate error with a public certificate
Posted on 2015-01-26
This weekend, I changed out a certificate in Exchange. I got a public cert and used all the proper subject alternative names. However, the former cert, installed before my time, was a wildcard and I am not a proponent of a wildcard cert in Exchange. I got a standard UCC cert and gave the common name 'mail.mydomain.com'. Everything went well and the change was transparent for the most part. However, the Outlook Anywhere clients in my China office are experiencing the following error when trying to open Outlook (keep in mind that if they VPN in and open Outlook or simply go to webmail.mydomain.com or mail.mydomain.com/owa externally they have no issues):
"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this proxy server."
To me, this means there may be a manual certificate installed on these external boxes for some reason? The configuration of their Outlook Anywhere setting is 'webmail.mydomain.com' as the server to connect to. However, the public certificate works (i.e. there are no certificate errors either internally or externally when attempting to connect via webmail.mydomain.com) with no issues.
As usual, any help is greatly appreciated. Thanks!
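An added example, not part of the original post: a name check for the symptom described above, where browsers accept the certificate for webmail.mydomain.com but Outlook rejects it. It assumes the Outlook profiles also pin a certificate principal name (`msstd:`) left over from the wildcard certificate, which the post does not confirm; the certificate contents, SAN list and principal value are constructed.

```python
# Added example. Certificate contents and the msstd: value are constructed
# from the post's description; they are assumptions, not data from the site.

def dns_name_matches(pattern, host):
    """Exact match, or '*' standing for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return False

def host_covered(cert, host):
    """TLS hostname check: SAN entries, falling back to CN only if no SAN."""
    names = cert["san"] or [cert["cn"]]
    return any(dns_name_matches(n, host) for n in names)

def principal_matches(cert, principal):
    """Outlook 'msstd:' check, modelled as a literal compare with subject CN."""
    value = principal[6:] if principal.lower().startswith("msstd:") else principal
    return value.lower() == cert["cn"].lower()

def diagnose(cert, proxy_host, principal):
    """Return both checks so a pass in the browser and a fail in Outlook is visible."""
    return {"host_ok": host_covered(cert, proxy_host),
            "principal_ok": principal_matches(cert, principal)}

# Constructed certificates: the former wildcard and the new UCC certificate.
OLD_WILDCARD = {"cn": "*.mydomain.com", "san": ["*.mydomain.com", "mydomain.com"]}
NEW_UCC = {"cn": "mail.mydomain.com",
           "san": ["mail.mydomain.com", "webmail.mydomain.com"]}

PROXY_HOST = "webmail.mydomain.com"        # proxy server name given in the post
STALE_PRINCIPAL = "msstd:*.mydomain.com"   # assumed leftover profile setting
FIXED_PRINCIPAL = "msstd:mail.mydomain.com"  # matches the new common name

if __name__ == "__main__":
    for label, cert, principal in [
        ("old wildcard, old principal", OLD_WILDCARD, STALE_PRINCIPAL),
        ("new UCC, old principal", NEW_UCC, STALE_PRINCIPAL),
        ("new UCC, updated principal", NEW_UCC, FIXED_PRINCIPAL),
    ]:
        print(label, diagnose(cert, PROXY_HOST, principal))
```

The principal name a profile carries is shown in Outlook's Exchange Proxy Settings dialog under "Only connect to proxy servers that have this principal name in their certificate".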