General consensus seems to be that you need a proper certificate from a trusted authority before you can get outlook anywhere working. Don't believe them because you can have OWA with a self signed cert.
It's a matter of matching the CN with the address in the url/outlook account. In Exchange shell you'll need a new certificate if they dont yet match:
New-ExchangeCertificate -PrivateKeyExportable $True -Services “IMAP, POP, IIS, SMTP” -SubjectName “cn=external.domain.name"
Enable the certificate and ensure all services are enabled on it.
Enable-ExchangeCertificate -Thumbprint [THUMBPRINT FROM NEW CERT]
Check certs and they're services:
Then import the certificate from IE into your 'Trusted Root Certificate Store".
Should work then..
The assumption is that you have a static IP for your exchange box, but what if you're using a dynamic one with something like dyndns? You'll need to map your OWA domain to whatever the CN your exchange cert is using. Here's a batch file to map a domain of your choice to any other IP based on it's ping result.
Logic as follows:
1. Ping dyndns domain to get current dynamic IP
2. Write IP to host file and map to domain of choice.
3. Put batch file in startup to have updated always in host file
Note: disable UAC in Vista/7
Paste in .bat and replace 'server.to.ping' and 'host.name.in.certificate.org':
for /f "tokens=1,2 delims=" %%a IN ('ping -n 1 !myServer!') DO (
if "%%b" NEQ "" set ip=%%b
type hosts|find /i /v "#zzz" > hosts.new
move "%cd%\hosts.new" "%cd%\hosts"
for /f "usebackq" %%a in ("C:\newip.txt") do (
>>hosts echo %%a host.name.in.certificate.org #zzz.