I want to use SSL between two jboss servers on the same network. One providing web services for the web app on the other.
In this case is a self signed certificate secure, or do I still need one from verisign?
It depends on your ability to control the trust store used by the https client. If your using JSSE apis then a self signed cert is sufficient as you can create add the cert to the keystore used as the truststore by the https client.