If you go to the OWA via https on the client, and install look at the server certificate, can you select install from that page. This will be needed along with the Trusted Root Auth.
Also check the settings that the FQDN is set up in all CAS settings.