I am completely baffled by SSL certificates. I understand the concepts of trust and security but the actual installation and setup of certificates so that everybody is happy has always been confusing for me.
Here is my current setup:
- Website www.mycompany.com
hosted with 1and1.com's web hosting service
- Windows 2008 Server on a business network with a dynamic IP
- mycompany.dyndns.org - dynamically updated to point to my windows server
- Microsoft Exchange Server 2010 running on the windows machine, with Outlook Web Access, IMAP, POP3 and Outlook Anywhere (although OA is not working at the moment)
- "remote.mycompany.com" - setup in 1and1 to have a CNAME pointing to mycompany.dnynds.org
- "mail.mycompany.com" - setup as an HTTP redirect to https://remote.mycompany.com/owa
Ideally what I would like to do is purchase one or more SSL certificates from 1and1.com (they offer "QuickSSL" certificates signed by GeoTrust) and set it up so that:
1) Users can connect to https://remote.mycompany.com/owa
and not get an "untrusted certificate" warning
2) Users can connect to https://mycompany.com/*
and use my website's online shopping cart system without getting "untrusted certificate" warnings (this website is hosted by 1and1)
3) Users can connect to outlook web access, and use "outlook anywhere" on their outlook without it failing with untrusted certificate warnings
4) Users can connect via IMAP and SMTP with SSL encryption, without it failing with untrusted certificate errors.
I really have no idea where to begin with this. I know when I buy a certificate from 1and1.com they'll probably hold my hand through the process of getting my actual www.mycompany.com
website secured via SSL, but what about my Windows Server machine? I will need to install the certificate into IIS somehow and make sure everything lines up properly, but I don't really know what to do here.