Scenario
When initially setting up the Unified Communications Certificate (UCC) certificate for Exchange, autodiscover.domain.com was not added as a Subject Alternative Name (SAN).
You need to enable autodiscover in Exchange 2010 for external devices (iOS, laptop Outlook etc.) without a security warning.
Solution
The certificate needs to be updated with autodiscover.domain.com as a SAN.
These instructions pertain to a GoDaddy certificate – other providers will likely be different.
An A record had already been created in the domain’s DNS zone pointing autodiscover.domain.com to the public IP address of the router.
As it turns out, GoDaddy offer the opportunity to drop and replace SANs from their UCC certificates at will – with domain ownership validation required if any are added, of course.
Here are the steps: