Exchange 2007 Certificate Issues – Avoid them the easy way.

In most pre-Exchange 2007 organizations that used OWA, a third-party cert for the public FQDN of your mail server was all you needed. In Exchange 2007, things changed a bit, and certificates play a much larger role in the organization. One of the lingering issues I’ve seen is an internal certificate error saying that the certificate name does not match the name of the server. This happens because the certificate is a third-party issued cert for the public FQDN of the server, not its internal hostname.

To avoid running into this issue any longer, I followed another article I found online and simply created a new forward lookup zone in the internal DNS for the public domain name of our organization (i.e. In that forward lookup zone I created the host (A) record for the mail server and pointed it to the internal IP. Next, following the article (see link below), I changed the links in Exchange 2007 so that they would reference the public FQDN even when working internally. The effect is that the same public FQDN is used for all transactions with the Exchange 2007 server, so it matches your existing third-party cert.
(Search down to the section that reads: “Next we need to change the URLs used autodiscover”)
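
The steps described above, written out as commands. This is an added example, not taken from the linked article: every name and address is a constructed placeholder, and the choice of the Autodiscover, EWS and OAB internal URLs as the ones to change is an assumption. Run it in the Exchange Management Shell on a machine that has `dnscmd` available.

```powershell
# Added example; all names and addresses below are constructed placeholders.
$DnsServer  = 'dc01'          # internal DNS server (assumed to host AD-integrated zones)
$Zone       = 'example.com'   # public domain name of the organization
$HostLabel  = 'mail'          # host part of the name on the third-party cert
$InternalIp = '10.0.0.25'     # internal IP of the Exchange server
$CasServer  = 'EXCH01'        # Client Access server name
$PublicFqdn = "$HostLabel.$Zone"

# 1. Create the internal forward lookup zone for the public domain,
#    then the host (A) record pointing at the internal IP.
dnscmd $DnsServer /ZoneAdd $Zone /DsPrimary
dnscmd $DnsServer /RecordAdd $Zone $HostLabel A $InternalIp

# 2. Point the internal URLs at the public FQDN so internal clients
#    connect using the name that is on the certificate.
Set-ClientAccessServer -Identity $CasServer `
    -AutodiscoverServiceInternalUri "https://$PublicFqdn/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$CasServer\EWS (Default Web Site)" `
    -InternalUrl "https://$PublicFqdn/ews/exchange.asmx"
Set-OABVirtualDirectory -Identity "$CasServer\OAB (Default Web Site)" `
    -InternalUrl "https://$PublicFqdn/oab"

# 3. Verify: the name must resolve to the internal IP, the certificate
#    must list the FQDN, and the internal URLs must now use it.
nslookup $PublicFqdn $DnsServer
Get-ExchangeCertificate | Format-List Subject, CertificateDomains, Services
Get-ClientAccessServer -Identity $CasServer |
    Format-List AutodiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $CasServer | Format-List Identity, InternalUrl
Get-OABVirtualDirectory -Server $CasServer | Format-List Identity, InternalUrl
```

Once the internal zone exists, the internal DNS server answers authoritatively for the whole public domain, so any other public names that internal users need (the company web site, for example) must also be added to that zone or they will stop resolving internally.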