Using a *. trusted ceriticate from the TMG to communicate with the IIS.
And the IIS on the QMX server, uses a certificate from our CA, and it is a matching dns name certificate yea.
And it shows properly with subject name and dns match when you get the certificate trust box on the phone.
When accepting it and pressing next, thats when it fails.
This way has been used for several other systems without problems 