How to add a certificate to Exchange 2007

oliver

In Exchange 2007 you really need a multi-name certificate to secure access to the various client-facing components (Outlook Web Access, SMTP, IMAP, Outlook Anywhere, etc.).

Here’s a quick guide on how to go about it.

1) First, generate your certificate request (CSR file) and use it to register your multi-name certificate. Digicert and Certificates For Exchange can help with that. Generate the certificate request with the New-ExchangeCertificate PowerShell cmdlet in the Exchange Management Shell.

A basic example of the command usage is below, but why not cheat and use the very handy generator tool at Digicert?

New-ExchangeCertificate -GenerateRequest -Path c:\remote_mydomain_com.csr -KeySize 2048 -SubjectName "c=GB, s=Sussex, l=Brighton, o=G2 Support, ou=Support, cn=remote.mydomain.com" -DomainName remote.mydomain.com, myserver.mydomain.local, autodiscover.mydomain.com -PrivateKeyExportable $True

Don’t forget that Microsoft recommends that your certificate includes the following ‘alternative’ names. In this example your internal server name is JOLLYROGER, your internal domain name is DOMAIN.LOCAL and your external FQDN for the server is MAIL.DOMAIN.COM:

mail.domain.com
autodiscover.domain.com
jollyroger.domain.local

2) When you order your certificate you will need to copy the contents of the CSR file into the certificate ordering screen of your certificate provider. You can use Notepad to open the CSR file; it’s just plain text inside.

3) Once the certificate is approved you should receive a CRT file. Save this to your C drive and then run the following command in the Exchange Management Shell:

Import-ExchangeCertificate -Path c:\cert.crt | Enable-ExchangeCertificate -Services "IIS, POP, IMAP"

This will apply the certificate to IIS, POP and IMAP so it will affect OWA and Outlook Anywhere as well.

You should now be able to use Outlook Web Access and Outlook Anywhere without any warnings about the security settings.
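
To confirm that step 3 took effect, the check below can be run in the Exchange Management Shell. It is an added example, not part of the original post; the names in $requiredNames are the article's sample names and must be replaced with your own, and the comparison is an exact match (wildcard certificates are not handled).

```powershell
# Added example: verify the imported certificate after step 3.
# Assumption: the required names are the sample names from this article.
$requiredNames    = 'mail.domain.com', 'autodiscover.domain.com', 'jollyroger.domain.local'
$requiredServices = 'IIS', 'POP', 'IMAP'

foreach ($cert in @(Get-ExchangeCertificate)) {
    # Skip the self-signed certificate that Exchange setup installs by default.
    if ($cert.IsSelfSigned) { continue }

    # CertificateDomains holds domain objects; compare on their lower-cased string form.
    $names = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
    $missingNames = @($requiredNames | Where-Object { $names -notcontains $_.ToLower() })

    # Services is a flags value whose string form looks like "IMAP, POP, IIS".
    $enabled = @($cert.Services.ToString().Split(',') | ForEach-Object { $_.Trim() })
    $missingServices = @($requiredServices | Where-Object { $enabled -notcontains $_ })

    Write-Host "Thumbprint : $($cert.Thumbprint)"
    Write-Host "Subject    : $($cert.Subject)"
    Write-Host "Expires    : $($cert.NotAfter)"

    if (-not $cert.HasPrivateKey) {
        Write-Warning "No private key is associated with this certificate."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate has expired."
    }
    if ($missingNames.Count -gt 0) {
        Write-Warning ("Names not covered: " + [string]::Join(', ', $missingNames))
    }
    if ($missingServices.Count -gt 0) {
        Write-Warning ("Services not enabled: " + [string]::Join(', ', $missingServices))
    }
    if ($cert.HasPrivateKey -and $cert.NotAfter -ge (Get-Date) -and
        $missingNames.Count -eq 0 -and $missingServices.Count -eq 0) {
        Write-Host "OK: all required names and services are covered."
    }
    Write-Host ""
}
```

A name reported as not covered will produce a certificate warning for clients that connect using that name.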
