This question has come out of understanding from Role of files .keystore and CAKey.pem in SSL?. The folks who have not gone thru that can skip that link as this is just summarization of different options of going for https.Here it is:-
There are two ways when i want to go for https. First is get the certificate from authorized CA like verisign like ecommerce site or bank goes for. This is affective but costly way.
Second is self signed certificate(which is good if we have one/few server).In this case browser can give the error site is risky. To get rid of that, we can go for import of server cerificate in the browser truststore.
In case if we have many servers, then we can go create your own CA and get the Certificate signed with this our own CA. To get rid of risky site error on browser, we can again go for import of CA cerificate in all the clients(Browser). Is this correct so that i can go ahead with best option which will suit me?