General SSL Certificate Questions
Let me start off by saying that my knowledge of SSL certificates is pretty limited. We just purchased an e-mail security appliance that I would like to configure with an SSL certificate to allow secure communications for both internal users (accessing quarantines, management, etc.) and also possibly for TLS encryption. I’m also considering installing SSL certificates on some of our intranet web servers. Since this is primarily for internal use, I’m wondering if it’s still necessary to spend hundreds of dollars for a commercial one-year SSL certificate from places like Verisign? I’ve heard of self-signed certificates, but I have no idea what’s involved with doing this. Is this easy to do; is it worth pursuing?
In addition to my primary question, I have some related ones:
1) To enable TLS encryption, do I purchase and use an SSL certificate or do I use something else?
2) The e-mail appliance documentation states that it “must have an X.509 certificate and matching private key in PEM format for receiving and delivery.” Additionally, it states that it cannot generate Certificate Signing Requests itself and that you must use another system to generate the CSR. We only have Windows servers in-house, and I know that when I’ve generated a CSR before, the only thing I received back from Verisign is the certificate but no “private key”. Is the CSR process different for non-Windows systems?
3) The e-mail appliance has a “public” and “private” interface, both of which have different host names. Can I somehow use one SSL certificate to secure both interfaces if they have different host names?