It's time to start looking into talking my company into a certificate from a trusted root CA. I have some questions about this though, being no expert in any of this garbage...

Let's say I convince my small company to do this, and they tell me "Make it happen, here's the company credit card"... and I go over to VeriSign. What "exactly" do I want from them? They have about 40 "products" and none of them say "The certificate you need to sign .NET applications".

After I figure out what I want, I assume after some authentication process via phone calls, fax machines, etc... they send me a certificate file? And I install this on our company CA I have running on the network and then use this to sign all of our applications so Vista will STFU and say "You are installing software by Blah Company, do you trust this company?"

I'm just trying to get a handle on how this whole process works. I've never, ever been able to find a good layman's explanation of any of this.