I have a couple of issues;

1. SFDC claims that setClientCertificate is deprecated, and to use setClientCertificateName instead, so where exactly am I supposed to upload or install the Server Certificate generated for my secure server?  I was surprised that I could not upload a cert of a CA when I added my secure servers URL to the remote sites section.  Furthermore following the "please use setClientCertificateName" links it points me to a section that shows me how to generate certs on SFDC.

 Thats not going to happen for the following reasons;

a. I don't require two way ssl

b. I am making callouts.

2. For development, we do our own signing.  i.e. I am my own CA and I generate a bunch of server certs signed by this CA.  So how do I get SFDC to trust my dev CA.  I am hardly going to go to verisign to get certs signed for development servers on my end, nor am I going to allow anyone to call into my servers without SSL.  

So in short;

I need SFDC APEX calls to behave like a browser would, where RESTful calls to HTTPS just work, if you install the CA that signed those certs.  It should be as simple as that, and I can't believe I am the only one that has run into this issue.

Anyone have some guidance

Thanks