Internal Services SSL Certs
Public SSL certificates are not easily available for private networks. A public certificate assures users that the site they are using is the site they think it is, so the certificate provider must be able to verify that information before issuing one. This is generally done by having a small file placed on a web server or a DNS entry made, things which can only be done by an authorized administrator of a domain.
For private (internal) networks with no access to public IP addresses, it is actually fairly simple to create your own internal Certificate Authority (CA), deploy it to your workstations, and then sign certificates for internal web sites, mail servers, FTP sites, etc. with that CA. You can even use this to sign certificates for your internal network switches and routers so you don't have to constantly put up with the “Certificate Invalid” notice when you go to them.
Start with SSL Overview, to get an idea of what is going on.
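The workflow described above (create an internal CA, sign a server certificate with it, confirm the chain) can be sketched with the `openssl` command line. This is an added example, not part of the original page; the organization name, the host name `intranet.example.internal`, the address `10.0.0.10` and the function names are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: private CA plus one signed server certificate.
# Every name and address here is constructed for illustration.
make_ca() {            # $1 = working directory
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Org
CN = Example Internal CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  # -nodes leaves the key unencrypted so this runs unattended;
  # a real CA key should be passphrase-protected or kept offline.
  openssl req -x509 -new -newkey rsa:3072 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
  chmod 600 "$1/ca.key"
}

sign_server() {        # $1 = working directory, $2 = DNS name, $3 = IP address
  cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[v3_srv]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2, IP:$3
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$1/$2.cnf" \
    -extensions v3_srv -out "$1/$2.crt" 2>/dev/null
}

check_server() {       # $1 = directory, $2 = cert name, $3 = host to check (default $2)
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "${3:-$2}" \
    "$1/$2.crt" >/dev/null 2>&1
}
# Usage: make_ca ./pki && sign_server ./pki intranet.example.internal 10.0.0.10
```

Only `ca.crt` is distributed to workstations as a trusted root; `ca.key` stays on the machine that signs certificates.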
