Invalid fully qualified domain names no longer accepted in Subject Alternative Names (SANs) in SSL certificates

This is not a change in the law but a rule in the CA/Browser Forum Baseline Requirements that public CAs must follow: a CA may no longer issue a certificate expiring after 1 November 2015 whose Subject Alternative Names contain an "internal server name", that is a name that cannot be resolved in public DNS, such as .local, servername.local or a bare servername (reserved IP addresses such as 10.x.x.x are treated the same way). If you already hold such a certificate, the CA is required to revoke it by 1 October 2016, so the names have to come out of your SAN list before then.
I noticed this when renewing a 5-year SSL certificate with Go-Daddy: the renewal gives an error when you have Subject Alternative Names like .local, servername or servername.local.
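To see whether a certificate you already have is affected, here is an added example (not code from the original post) that reads the SAN extension of every certificate in the local machine store and flags the entries a public CA will now refuse: bare host names, names under suffixes that never appear in public DNS (.local is the case above; the other suffixes in the list are an assumption), and reserved IPv4 addresses. It assumes Windows PowerShell on the Exchange server; the store path and the suffix list are assumptions, and the sample names at the bottom are constructed.

```powershell
# Added example (not part of the original post): find SAN entries that public
# CAs now refuse. Assumes Windows PowerShell on the Exchange server and that
# the certificates of interest live in the local machine "My" store.

# Suffixes that are never delegated in public DNS. ".local" is the one the post
# hits; the rest are common internal suffixes (assumption, extend as needed).
$PrivateSuffixes = @('.local', '.lan', '.internal', '.corp', '.localdomain')

function Test-InternalName {
    # Returns $true when $Name would count as an "internal name" or reserved
    # IP address under the CA/Browser Forum Baseline Requirements.
    param([Parameter(Mandatory = $true)][string]$Name)

    $n = $Name.Trim().ToLowerInvariant()

    # IP literals: RFC 1918, loopback and link-local ranges are reserved.
    if ($n -match '^\d{1,3}(\.\d{1,3}){3}$' -or $n -match ':') {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($n, [ref]$ip)) { return $true }
        if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
            return $true   # assumption: treat any IPv6 literal as needing review
        }
        $b = $ip.GetAddressBytes()
        if ($b[0] -eq 10) { return $true }
        if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) { return $true }
        if ($b[0] -eq 192 -and $b[1] -eq 168) { return $true }
        if ($b[0] -eq 127 -or ($b[0] -eq 169 -and $b[1] -eq 254)) { return $true }
        return $false
    }

    # A bare host name such as "servername" has no meaning in public DNS.
    if ($n -notmatch '\.') { return $true }

    foreach ($suffix in $PrivateSuffixes) {
        if ($n.EndsWith($suffix)) { return $true }
    }
    return $false
}

function Get-InternalSanEntries {
    # Returns the SAN entries of $Certificate that Test-InternalName flags.
    param([Parameter(Mandatory = $true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    # 2.5.29.17 is the OID of the subjectAltName extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | Select-Object -First 1
    if (-not $san) { return @() }

    # On Windows, Format($true) renders one entry per line, e.g.
    # "DNS Name=mail.contoso.com" or "IP Address=10.0.0.5".
    $entries = $san.Format($true) -split "`r?`n" |
        Where-Object { $_ -match '=' } |
        ForEach-Object { ($_ -split '=', 2)[1].Trim() }

    return @($entries | Where-Object { Test-InternalName -Name $_ })
}

# Usage: report every certificate in the machine store that carries such names.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $bad = @(Get-InternalSanEntries -Certificate $_)
    if ($bad.Count -gt 0) {
        '{0} (expires {1:yyyy-MM-dd}) has internal SAN entries: {2}' -f $_.Subject, $_.NotAfter, ($bad -join ', ')
    }
}

# Self-check on constructed names (not taken from a real certificate).
# Expected: the first three are flagged, the last two are not.
'servername', 'servername.local', '10.0.0.5', 'mail.contoso.com', '203.0.113.10' |
    ForEach-Object { '{0,-20} internal={1}' -f $_, (Test-InternalName -Name $_) }
```

In the Exchange Management Shell you can also feed the CertificateDomains property of Get-ExchangeCertificate straight into Test-InternalName; the machine store is used here so the check works on any Windows host, not only the CAS. Whatever the script flags is exactly what has to disappear from the renewal request.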

As we all know, if you use Exchange 2007/2010 you probably use an internal server name as well as an external name in your Exchange service URLs, such as Autodiscover. If you don't add the internal name to the SAN, you get the dreaded certificate mismatch error in Outlook:

“The name of the security certificate is invalid or does not match the name of the site”

Workaround:

To get around this issue, simply change the internal URLs to the external ones. For example, if your internal name is servername.local, change it to mail.contoso.com in the service URLs. Outlook will then connect internally to mail.contoso.com, so that name must resolve to the Exchange server's internal IP address inside the network: create a DNS zone for contoso.com on your internal DNS and add a host (A) record for mail pointing at the internal IP address, so that internal Autodiscover keeps working after the change. Keep in mind that an internal zone named contoso.com hides every other public record of that domain (www, MX and so on) from internal clients; if that is a problem, create a zone named mail.contoso.com instead with a single blank A record for the host.
For Exchange 2007, run the following in the Exchange Management Shell (replace CAS_Server_Name with the name of your Client Access server):

  1. Start the Exchange Management Shell.
  2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command and then press ENTER:
    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
  3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
  4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
    Set-OABVirtualDirectory -Identity "CAS_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
  5. Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
    Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx

    Note: This command is required only in an Exchange 2007 environment. The command no longer exists in Exchange 2010; there the Web Services URL is used for this purpose.
  6. Open IIS Manager.
  7. Expand the local computer, and then expand Application Pools.
  8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.


For Exchange 2010 the steps are the same, minus the UM virtual directory:

  1. Start the Exchange Management Shell.
  2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command and then press ENTER:
    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
  3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
  4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
    Set-OABVirtualDirectory -Identity "CAS_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
  5. Open IIS Manager.
  6. Expand the local computer, and then expand Application Pools.
  7. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
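The two procedures above, put together as one script that also does the DNS part and verifies the result, as an added example that is not code from the original post. It assumes a Client Access server named EX01, an internal DNS server named DC01, an internal address of 10.0.0.5 and the public name mail.contoso.com; all four are placeholders. It uses dnscmd and appcmd because both ship with Windows Server 2008/2008 R2, and it guards the UM step so the same script runs on Exchange 2007 and Exchange 2010.

```powershell
# Added example (not part of the original post). Run in the Exchange Management
# Shell as an Exchange administrator. All names and addresses are placeholders.
$Cas        = 'EX01'              # Client Access server
$DnsServer  = 'DC01'              # internal DNS server
$PublicName = 'mail.contoso.com'  # name that will be on the public certificate
$InternalIp = '10.0.0.5'          # internal address of the CAS
$Zone       = ($PublicName -split '\.', 2)[1]   # contoso.com
$HostLabel  = ($PublicName -split '\.', 2)[0]   # mail

# 1. Split-brain DNS: make the public name resolve to the internal address
#    inside the network. The AD-integrated zone is created only if missing
#    (dnscmd returns a non-zero exit code when /ZoneInfo finds no zone).
dnscmd $DnsServer /ZoneInfo $Zone | Out-Null
if ($LASTEXITCODE -ne 0) {
    dnscmd $DnsServer /ZoneAdd $Zone /DsPrimary | Out-Null
}
dnscmd $DnsServer /RecordAdd $Zone $HostLabel A $InternalIp | Out-Null

# 2. Point the internal service URLs at the public name.
$Urls = @{
    Autodiscover = "https://$PublicName/autodiscover/autodiscover.xml"
    Ews          = "https://$PublicName/ews/exchange.asmx"
    Oab          = "https://$PublicName/oab"
    Um           = "https://$PublicName/unifiedmessaging/service.asmx"
}
Set-ClientAccessServer -Identity $Cas -AutodiscoverServiceInternalUri $Urls.Autodiscover
Set-WebServicesVirtualDirectory -Identity "$Cas\EWS (Default Web Site)" -InternalUrl $Urls.Ews
Set-OABVirtualDirectory -Identity "$Cas\oab (Default Web Site)" -InternalUrl $Urls.Oab

# Exchange 2007 only: Set-UMVirtualDirectory does not exist in Exchange 2010.
if (Get-Command Set-UMVirtualDirectory -ErrorAction SilentlyContinue) {
    Set-UMVirtualDirectory -Identity "$Cas\unifiedmessaging (Default Web Site)" -InternalUrl $Urls.Um
}

# 3. Recycle the Autodiscover application pool (the IIS Manager step above).
& "$env:windir\system32\inetsrv\appcmd.exe" recycle apppool /apppool.name:MSExchangeAutodiscoverAppPool

# 4. Verify: every internal URL now carries the public name, and the public
#    name resolves to the internal address from this server.
$Check = @{
    'Autodiscover SCP' = (Get-ClientAccessServer -Identity $Cas).AutoDiscoverServiceInternalUri
    'EWS InternalUrl'  = (Get-WebServicesVirtualDirectory -Server $Cas).InternalUrl
    'OAB InternalUrl'  = (Get-OABVirtualDirectory -Server $Cas).InternalUrl
}
foreach ($k in $Check.Keys) {
    $v = [string]$Check[$k]
    $status = if ($v -like "https://$PublicName/*") { 'OK' } else { 'CHECK' }
    '{0,-5} {1,-16} {2}' -f $status, $k, $v
}
ipconfig /flushdns | Out-Null   # do not let a cached answer mask a DNS mistake
$resolved = [System.Net.Dns]::GetHostAddresses($PublicName) | ForEach-Object { $_.IPAddressToString }
$dnsStatus = if ($resolved -contains $InternalIp) { 'OK' } else { 'CHECK' }
'{0,-5} {1,-16} {2} -> {3}' -f $dnsStatus, 'DNS', $PublicName, ($resolved -join ', ')
```

Every line of the verification should read OK before you request the new certificate. Once the internal URLs carry the public name, Outlook only ever sees names that are on the public certificate, so the renewal request needs nothing more than mail.contoso.com (plus autodiscover.contoso.com if external clients use Autodiscover), and the .local and bare server names can be dropped from the SAN list for good.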