<div>
I plan to do that next time I've got some down time, but I just need to keep this working for a week or more. I can't risk bringing Exchange down at the moment.<br />
<br />
Looking for a workaround to stop the cert pop-up message.
</div>


<div>
Please refer below link to resolve your issue.<br />
<br />
<br />
<a href="http://www.careexchange.in/how-to-use-a-internal-windows-ca-certificate-authority-in-windows-2012-with-exchange-2013/" rel="ugc">http://www.careexchange.in/how-to-use-a-internal-windows-ca-certificate-authority-in-windows-2012-with-exchange-2013/</a><br />
<br />
<a href="https://blog.digicert.com/replace-internal-names-certificates-part-2/" rel="ugc">https://blog.digicert.com/replace-internal-names-certificates-part-2/</a>
</div>


<div>
Snooflehammer,<br />
<br />
Do you have an update for us?
</div>


<div>
Hopefully the publicly trusted CA cert is working out for you. Please award points appropriately to close your resolved question.
</div>


<div>
<div class="content wysiwyg-content">
Single server Exchange 2016 installation.<br />
<br />
Server is using a self-issued cert.<br />
<br />
The cert is installed on all the workstations in the Trusted Root Certification Store, but all Outlook users are prompted at start to accept the cert with the 3rd option in the security Alert dialog redX’d “The name on the security certificate is invalid or does not match the name of the site”.<br />
<br />
The name on the cert is the same as the host name of their MX record.<br />
<br />
If an external user, without the cert, attempts to access OWA using IE, they get the expected certificate waring, but if they install the cert, then OWA logs in without the warning, so I believe the cert works OK.<br />
<br />
If Outlook users OK through the Security Alert dialog, they connect OK and are not prompted again for the remainder of the Outlook session.<br />
<br />
Any ideas to fix this?<br />
<br />
I’ve looked at bindings in IIS, and they all use that cert.<br />
<br />
If I do get-ExchangeCertificate in EMS, services I,P,W &amp;&nbsp;S are bound to the cert in question, which is consistent with other Exchange Servers I’ve checked on.<br />
<br />
Any ideas?
</div>
</div>


Single server Exchange 2016 installation.

Server is using a self-issued cert.

The cert is installed on all the workstations in the Trusted Root Certification Store, but all Outlook users are prompted at start to accept the cert with the 3rd option in the security Alert dialog redX’d “The name on the security certificate is invalid or does not match the name of the site”.

The name on the cert is the same as the host name of their MX record.

If an external user, without the cert, attempts to access OWA using IE, they get the expected certificate waring, but if they install the cert, then OWA logs in without the warning, so I believe the cert works OK.

If Outlook users OK through the Security Alert dialog, they connect OK and are not prompted again for the remainder of the Outlook session.

Any ideas to fix this?

I’ve looked at bindings in IIS, and they all use that cert.

If I do get-ExchangeCertificate in EMS, services I,P,W & S are bound to the cert in question, which is consistent with other Exchange Servers I’ve checked on.

Any ideas?

Certificate Issue on Exchange 2016

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.