So I had to change my Exchange 2010 SSL certificate to only use externally resolvable names to make the deadline imposed by CA authorities. While this appears to have worked, I am now getting security alert pop-ups on all internal Outlook 2013 clients. I suspect that when I configured the new certificate parameters, I chose the wrong Common Name, defaulting to my top-level domain and not mail.mydomain.com (it was not a wildcard cert).
The Subject Alternative Names I used do point to my mail. and everything *is* working, just this annoying pop-up indicating the certificate is not valid or not yet activated. It's not a clock issue - all endpoints are served by a domain GPS. Can I assume I need to regenerate the certificate with the same parameters but change the common name specifically to mail.? Or did I miss something? I also created a new A record in the forward lookup zone with the mail server IP.