Why a specific list of SSL certificate vendors?
It seems somewhat ironic that our university has signed up to be able to issue our own certificates but we have to go out and purchase a certificate from another vendor. I'm no SSL expert, but I got this from our IT guys when I asked them for advice:
If they were to make this generic rather than specific to a list of vendors, all they'd have to do is allow you to upload a root certificate authority certificate and an intermediate certificate authority certificate into any part of the environment that would connect to components that have the actual SSL certificate installed. That way the actual SSL certificate that is installed can be verified as valid, and you get your pretty green rich as per the documentation.
The Quovadis root CA and ICA certificates are at:
You'd be using the Business SSL certificates I would imagine hence the root CA and ICA certificates listed on this page valid to that certificate type are the ones that would be required.