Alex,
Are you asking about the Control Center GUI certificates or are you asking about using TLS for MTA to MTA connections?
It looks like you have CC -- 2 scanners (inbound) and CC - 2 Scanners (outbound).
CC GUI Certs: Unless you are using wildcard certs, you should have a seperate cert for each Control Center unless you are OK with users ignoring the "invalid/wrong domain" warnings.
TLS Certs - each scanner needs it's own TLS cert. And should be created by authority that can be verifyed by the other MTA.
Take a look at the knowledge base
http://www.symantec.com/business/support/knowledge_base_results.jsp?content=all&SearchTerm=Brightmail+TLS+certificates