Of course, my launch of the new birdhouse webmail system happened to conveniently coincide with the expiration of the demo security certificate that ships with CommuniGate, so users were getting confusing certificate notices from their browsers. Time to tackle certificates.
CGP provides an interface to generate a private key, which can then be submitted as a PEM-formatted token to an authority, or to OpenSSL. First tried generating a self-signed ticket from OpenSSL, but that of course still means that users get bothered by confusing “Warning: Self-signed certificate. Are you sure?” messages. In fact, IE on the Mac throws an alert that says “Communications will not be encrypted.” I’m not sure that’s actually true (if true, why doesn’t any other browser tell you that? A self-signed certificate should in no way affect whether communications are encrypted).
But I wanted these warnings to go away, so submitted my key to GeoTrust through a gateway provided by EV1 Servers. For some reason, certificates purchased that way are one-third the price of certificates purchased through GeoTrust directly.
A rather involved back-and-forth process of automated emails, answering questions on a web site, and recording my voice into their system through an automated telephone call-back system — actually very impressive identity authentication — and 15 minutes later received a certificate. Plopped it into the cert field in CommuniGate, and all browser warnings immediately disappeared on the webmail system.