Digital certificates

Who can explain a couple of points related to ssl certificates?

So. First to what is, and then to what is not clear. There is a certification authority deployed on the network. Which issues and signs certificates for all devices on the network. URAAA! In AD, we distribute the certificate as trusted by the root, and in browsers we get a cool white line for everything, which says that everything is ok with the certificate. URAAA! Now we can knock on different devices and enjoy "security". BUT! This is where an idea comes to our mind. Instead of whether to buy to us the certificate from the root center. So that we highlight our line with a cool green color. And here questions arise.
1. A multi-domain certificate is issued using the *.chegototam.ru mask (for example). It turns out that chegogottam.ru itself is not subject to this certificate?
2. The moment associated with the distribution of this certificate over the network to devices. It turns out that I assign a domain name to each specific device and feed it the same certificate? Doesn't it come out greasy?