After you have purchased a commercial certificate (e.g. for webmail.companyname.com) and installed it in IIS, you may get the following error when a user opens Outlook:

“The name on the certificate is invalid or does not match the name of the site”

This is caused by the FQDN used by the Autodiscover service, which is part of Exchange 2007/2010. To resolve the issue, we have to tell Exchange to use the external FQDN (the common name of the certificate) instead of the local FQDN, so that the names match.

First, create a Forward Lookup DNS zone for webmail.companyname.com pointing to the IP address of the Client Access Server.

Then run the following commands in Exchange Management Shell:
Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri https://webmail.companyname.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS1\EWS (Default Web Site)" -InternalUrl https://webmail.companyname.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS1\oab (Default Web Site)" -InternalUrl https://webmail.companyname.com/oab

Set-UMVirtualDirectory -Identity "CAS1\unifiedmessaging (Default Web Site)" -InternalUrl https://webmail.companyname.com/unifiedmessaging/service.asmx

The details that you need to change are CAS1, which is the name of your Client Access Server, and webmail.companyname.com, which is the common name of your certificate.

Once you have run the above commands, recycle MSExchangeAutodiscoverAppPool in IIS, then close and reopen Outlook on the client. The error message should no longer appear.
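
To confirm the change, the following added example (not part of the original article) reads back the four internal URLs set above and checks each host name against the names on the certificate enabled for IIS. It assumes it is run in the Exchange Management Shell on the Client Access Server itself, and CAS1 is the article's placeholder name.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access Server.
$server = 'CAS1'   # placeholder from the article; replace with your CAS name

# DNS names on the certificate(s) enabled for the IIS service on this server.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() })

# Internal URLs changed by the four Set-* commands.
$urls = @()
$urls += (Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri
$urls += Get-WebServicesVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
$urls += Get-UMVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }

# True when $hostName equals a certificate name or is covered by a wildcard entry.
function Test-NameCovered([string]$hostName, [string[]]$names) {
    foreach ($n in $names) {
        if ($n -eq $hostName) { return $true }
        # A wildcard entry covers exactly one extra left-most label.
        if ($n.StartsWith('*.') -and $hostName.Contains('.') -and
            $hostName.Substring($hostName.IndexOf('.') + 1) -eq $n.Substring(2)) {
            return $true
        }
    }
    return $false
}

"Certificate names: " + ($certNames -join ', ')
foreach ($u in $urls) {
    if (-not $u) { continue }                 # URL not configured
    $hostName = ([uri]"$u").Host
    if (Test-NameCovered $hostName $certNames) { $result = 'OK' } else { $result = 'MISMATCH' }
    "{0,-9} {1}" -f $result, $u
}
```

A line marked MISMATCH is an internal URL whose host name is not on the certificate.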