When you have an Internet-facing Exchange 2010 Client Access Server (CAS), you will most likely have a third-party certificate installed on it. Every time the certificate is requested, its validity is checked against a web server of the Certificate Authority.
When you have a Threat Management Gateway (TMG) 2010 Server in front of the CAS, all HTTP(S) traffic is routed via the TMG Server. The TMG Server is the default gateway on the network interface, and in Internet Explorer you have to configure the TMG Server as the HTTP proxy.