The certificate, in this case, would be for www.yahoo.com
The certificate would actually be for the OWA site and not yahoo.

I just tested this with my OWA implementation which uses SSL cert issued by our own internal CA. Since both my Firefox browser accepts certs from our CA, I was taken directly to the site. I tried this on a test box and IE stopped the redirection, Firefox popped up the warning about being redirected. That warning from Firefox is a good or bad thing as we all know how well most users *read* things before the simply click "OK". I like the fact that it actually said something rather than simply stopping me, again though most users don't read that stuff unfortunately. Anyway, I did not install my CA certificate on this test box and Firefox popped up a warning about not knowing who issued my OWA cert.