I apologize if this has been addressed elsewhere, but I can't seem to find much about it in forum posts or the documentation.

We recently moved from a single server install to a multi server install. With our single server, all I did to generate CSRs and install certs was use the web interface. With multi-server it seems a bit more complicated then that.

our setup:

mail.domain.edu consists of zcs-ldap.domain.edu, zcs-mta.domain.edu, zcs-ms.domain.edu

Zimbra proxy runs on our mta. Before I start playing with installing commercial certs (and likely break everything), I was hoping someone who has done this before can answer a few questions.

1. Is it true that I cannot simply use the admin web console to install the certs? If I need to (or want to) install via command line, where would be the appropriate place to find documentation? I found documentation for self signed multi-server and commercial single server, but nothing for commercial multi-server.
2. If I really just want a commercial cert for https, is a cert for mail.domain.edu enough? Is the install process different?
3. If we want commercial certs for everything else, do I need to generate separate certs for zcs-ldap.domain.edu, etc as well as a seprate one for https?
4. Do I need (or should I get) a wildcard cert?

Any help would be greatly appreciated. Thanks in advance.