[SAGE] Are cheap SSL certificates legitimate?

["Philip J. Hollenback" <philiph@pobox.com>]

At my work we have several internal websites which we serve over SSL
with self-signed certificates.  Users complain about the annoyance of
having to approve loading these sites in their browser every time.
Thus I decided to get some 'real' SSL certificates.

After some web searching, I found that namecheap.com would sell me a
certificate for $13.95.  I purchases one of these and installed it.
The certificate seems to work just fine.

However, one of my co-workers believes that there is something
fishy about these certificates since they are so inexpensive.  I
checked the cert out and it looks like namecheap.com actually resells
certificates from rapidssl.com.  The certs point to 'Equifax Secure
Global eBusiness CA 1'.  On the rapidssl.com site they make a big deal
about how their 'single root certificates' are superior to chained
certificates from other vendors.

Interestingly the cheapest you can buy a certificate from rapidssl.com
is $70 so apparently namecheap.com is getting them much cheaper or
selling them at a loss.

So:

1. Is there any reason to not use these certificates?  This is for
   internal use at my company only, not for outward-facing websites.

2. Are single root certificates really better than chained
   certificates?  Or is there some reason why they would be worse?

3. I'm probably going to also use these certificates to secure imap
   and smtp mail, again for internal use only.  Any reason to not use
   these certs for that?

Thanks,
P.

-- 
Philip J. Hollenback
www.hollenback.net