SSL primer

1) I would highly recommend that you don't use a free certificate if this is going to be securing credit card information. Free certificates are not insured/warranted and are meant for protecting non-critical data like personal emails.

2) One cert secures one subdomain on one server. For example, you could secure mobile.blah.com, but www.blah.com would require an additional cert. Depending on the insurance amount and additional features, a single cert typically retails for $20-$200. You can buy "Wildcard" certs which allow you to secure any/all servers/subdomains (*.blah.com), but they are generally $500+. Wildcards are less likely to work mobile devices.

3) GeoTrust / GoDaddy is like a Toyota, Thawte is like a Cadilac, and VeriSign is like a Mercedes. There's not really any difference in terms of security (all can do 256K encryption)... the difference is in the amount of warranty and extra features you get (site seal, re-issues, etc). You can buy them all from NameCheap.com which generally has the best prices.

GeoTrust - $9.49/year

Thawte - $29/year

VeriSign - $335/year

With any place you buy from, they should have a refund policy (namecheap is 15 or 30 days depending on cert)... just try to install and test before that time expires... so if it doesn't work with Mobile 5, you can get a refund.