First of all, using Exchange cert with a single name is not the best practice.
Anyway, since it works externally without any problem, it's possible to make it work internally. There are 2 things you need to take care,
1. From Exchange server side, change all the virtual directory URLs and AutoDiscover URI so that they use the host name of mail.domain.com
2. From internal DNS server, make sure the name mail.domain.com is resolved to your Exchange CAS
Ohh that is ingenious. I guess I can put mail.domain.com on the DNS.. and have it resolve to the server. Let me try. Thank you.
Hi Shedding,
Firstly, please try to view the certificate when you experience this question.
Then check the subject of certificate to double confirm which name isnt contained in certificate.
Then follow the suggestion by Li, double check the internal and external URLs for virtual directory, the host name Outlook Anywhere.
I find an article about Digital certificates and SSL, for your reference:
https://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
Best Regards,
Allen Wang