Hit ENTER after each Tag to add it to your post; Numbers in parentheses represent the Tag's usage.
This is not a problem per se, but I want to report very positive experiences with namecheap.com / ssls.com (same entity). They have SSL Certs for as little as $5 / year (3 years for $15.00) which should be perfectly good for use with single domains & Smartermail. And their tech support is nothing short of superb. Of course you can buy higher assurance certificates and/or for multiple domains, at higher cost. The price is just great so you can keep a cert or two around just for testing, and while a cert. is active, you can re-key it as often as you like, including, I'm pretty sure, changing the domain name entirely.
I typically generate a 2048-bit CSR using OpenSSL, upload it to ssls.com, and they provide the certificate via download and/or email. The low-assurance certificates are generated quickly; it takes longer for higher-assurance certs, as would be expected. But once you're established in their database, renewals etc. are much quicker.
I just needed to install a cert for SM v15 on Server 2012. With ssls.com you should actually go on chat with them FIRST (instead of beating your head against a wall!) and they will happily walk you through the install. In the case of S2012 / IIS8, there is a conversion required; they provide all the info while staying online with you and will even test your install if the server is live on the 'net. This is so even for their cheap certs., which is just so cool.
BTW with SM installs SSL certificate verification is also not intuitive: when installing the SSL certificate for SMTP, POP, and IMAP. you can only verify the certificate by first clicking "Save,", which then closes that window - ideally the window would stay open, but it's a minor gripe. You then need to re-open the window and click the button for verify.
Lastly, if you are testing the server and it's not in a zone file on the 'net yet, you can add the FQDN to the hosts file on the server and test your IIS cert. locally. On a LAN workstation, you can similarly add it to that machine's hosts file as well for testing, thusly:
c:\windows\system32\drivers\etc\hosts (no file extension on the hosts text file)
Syntax: LAN IP of server, a space or two, then the FQDN (make sure there are no # at beginning of the line - # means the line is just a comment!)....
This takes effect immediately without rebooting. Remember to remove the entry from the HOSTS file as needed, once you go live. On Windows workstations, you might very well need to copy the hosts file to the desktop (for example), edit it there and copy it back to the etc folder, for Windows security reasons. And it doesn't hurt to save a copy before starting.