The name on the security certificate is invalid or does not match the name of the site.

I feel like I have to look up how to do this at least twice a year. It’s all over the internet but I’m posting it here so I can find it. If you stumbled onto it here, thanks for visiting!

This happens when the SSL certificate installed is for the external public URL and local Outlook users are connecting to the internal private URL. This process changes the internal URL to the external URL so it matches the name on the certificate.

To fix it, open a powershell and run these commands where https://yourcerturl.com is your external mailserver URL. This is based on the process from here which cleverly stores the URL as a variable to save some typing.

  • $urlpath = “https://yourinternalurl.local
    Set-ClientAccessServer –Identity * –AutodiscoverServiceInternalUri “$urlpath/autodiscover/autodiscover.xml”
  • Set-webservicesvirtualdirectory –Identity * –internalurl “$urlpath/ews/exchange.asmx”
  • Set-oabvirtualdirectory –Identity * –internalurl “$urlpath/oab”
  • Set-owavirtualdirectory –Identity * –internalurl “$urlpath/owa”
  • Set-ecpvirtualdirectory –Identity * –internalurl “$urlpath/ecp”
  • Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl “$urlpath/Microsoft-Server-ActiveSync”

Then run an iisreset /noforce to implement the changes