Security Basics mailing list archives

SSL Server IDs


From: Nicholas Diotte <xphox () xphox net>
Date: 18 Nov 2003 18:01:48 -0000



Good afternoon list,

I've been asked to find a way to enable SSL on all our products; the problem is they are spread across multiple 
servers and devices.

Based on my current knowledge, I would assume that it is okay for me to self-sign and generate my own certificates.  
However, the powers that be do not want to have to confirm a message box each time they close their browser.  

So my question is the following:  What is the difference between certificates?  You can pay $400.00 for a VeriSign 
SuperCert, you can pay $99.00 from DirectNic, and you can generate them yourself.  What are the advantages of going 
with VeriSign vs. a smaller company?  And what are the disadvantages of generating your own?

Also, a second question:  Why not have a wildcard certificate, *.domain.org?  And can you use the wildcard certificate on 
multiple devices?  So I guess, can you copy the same key on multiple servers?

This environment contains multiple webservers, mostly IIS, but some Apache.

Thanks,
Nick
