IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
Setting up security certificates is certainly not very painstaking in Server 2008/R2. The only issue I have a concern with is the certificate authorities themselves do not have any way to verify that banks and online ordering systems are handling SSL in a proper manner. Web browsers do not necessarily require SSL on many sites, and it's relatively easy for DNS hackers to fake a Visa website to steal customer information.
The value of SSL can be judged by how important your customers think it is for orders to be secure (very) and if not having it leads to fewer sales and less customer data capture. Since your boss requires it, I'd go ahead and do it, but be warned -- SSL is easily hacked and in December 2008 and March 2011, two top-tier SSL certificate providers were hacked (VeriSign & Comodo). If the SSL certificate authorities cannot keep their own sites secure, it's difficult to believe that SSL is a secure technology that people should bother using.