Outlook 2007 Certificate Error after installing SSL certificate

After installing a new SSL certificate and replacing the built in Exchange server 2007 certificate in order to enable and use RPC over http users are getting the following error:

“Name on the Security Certificate is Invalid or Does Not Match the Name on the Certificate”



This issue happens because internal clients  \ outlook users must be able  to resolve  the name on the certificate which is different from the external name.

To fix the issue we have two options:

1. buy a SAN certificate which has two names (internal and external)

2. Fix the issue by creating a new DNS zone, run a few commands from the exchange shell which point outlook users to the new zone.

I used option number two which took me 10 minutes to do.

Option 2


First you create a new DNS zone in your DNS server using the address configured in your commercial certificate which is: mail.domainname.com , there for the new zone will be domanname.com


Create a Host (A) type record to point to your mail server´s IP , mail.yourdomain.com  (



Log in to the Exchange server and run the 4 commands form the Exchange Shell (change the domain mame)

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity “CAS_Server_Name\EWS (Default Web Site)” -InternalUrl https://mail.domain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity “CAS_Server_name\oab (Default Web Site)” -InternalUrl https://mail.domain.com/oab

Set-UMVirtualDirectory -Identity “CAS_Server_Name\unifiedmessaging (Default Web Site)” -InternalUrl https://mail.domain.com/unifiedmessaging/service.asmx


After you type the commands, flush the dns on the client pc and test.