Clients moving over to Office 365 who had purchased a valid SSL certificate for their mail server still got SSL certificate errors in Outlook and mobile clients. This was despite the mail service was equipped with a valid SSL certificate (not self signed, but issued by a real CA).
It turns out here that Outlook seems to investigate https root domain (i.e. the customer’s web site) for auto configuration before trying autodiscover.customerdomain.com. And if there is no valid SSL certificate installed on the customers web site, an error is displayed. This was verified by examining the customer’s web site logs where we could se repetitive accesses to /autodiscover/autodiscover.xml.
If only Outlook just would have ignored the SSL error and continued to the next method….
A simple solution was just to add a valid SSL certificate to the customer’s web site, and the problem was solved. That way Outlook didn’t get SSL certificate error when trying to retrieve the non-existing autoconfiguration information from the customer’s web site.