What is the relationship between Autodiscover and Certificates?
When Outlook connects to the Autodiscover URL which it has obtained from either an SCP or DNS query, it must process the certificate which resides on the IIS server where the Autodiscover virtual directory is located. The certificate may either be the Exchange Server 2007 self-signed certificate or a regular certificate with a properly published and accessible root certificate. For the domain-connected user, if Outlook 2007 obtained the Autodiscover URL by using the SCP method, Outlook considers this to be “safe” and ignores the certificate prompt it receives even if the Exchange Server 2007 self-signed certificate is being used and a root certificate is not present on the local workstation. The prompt does still display if there is a name mismatch. For the non domain-connected user, Outlook connects Autodiscover to use DNS to determine the URL. This also means that Outlook should not trust a self-signed certificate at all. As a result, Outlook will be failed to connect Exchange server
