The way that EV SSL certificates work is to stick an authority-specific OID in the certificate policies extension field of the cert (which is a standard X.509 certificate otherwise).
As EK said, the reference OIDs for each authority are shipped as part of the browser's root store of certificates. The user interfaces don't let you add a new CA and say "this is an EV capable CA and the UID is a.b.c.d.e.f".
I suppose it might be possible to build an open-source browser from source, adding your own CA's cert along with its EV oid to the root store, but you haven't really achieved much by doing so. The browser would no longer be compliant with the CA/Browser forum EV guidelines (which limit the EV-capable authorities).
Wikipedia has more info on EV certificates here:
http://en.wikipedia.org/wiki/Extended_Validation_Certificate
If you have 5 web servers behind a load balancer (...)
do you need SSL certificates for all the servers,
It depends.
If you do your load balancing on the TCP or IP layer (OSI layer 4/3, a.k.a L4, L3), then yes, all HTTP servers will need to have the SSL certificate installed.
If you load balance on the HTTPS layer (L7), then you'd commonly install the certificate on the load balancer alone, and use plain un-encrypted HTTP over the local network between the load balancer and the webservers (for best performance on the web servers).
If you have a large installation, then you may be doing Internet -> L3 load balancing -> layer of L7 SSL concentrators -> load balancers -> layer of L7 HTTP application servers...
Willy Tarreau, the author of HAProxy, has a really nice overview of the canonical ways of load balancing HTTP/HTTPS.
If you install a certificate on each server, then be sure to get a certificate that supports this. Normally certificates can be installed on multiple servers, as long as the servers all serve traffic for one Fully Qualified Domain Name only. But verify what you're buying, certificate issuers can have a confusing product portfolio...
Best Answer
One word - trust. The SSL certificate from a provider that your browser trusts means that they have at least done basic verification to say that you are who you say you are.
Otherwise I could make my own certificates for google.com or yourbank.com and pretend to be them.
Paid certificates do not provide any extra level of encryption over self signed (usually). But a self signed certificate will cause the browser to throw an error.
Yes parts of SSL are a scam (a verisign certificate vs a geotrust where verisign are up to 100x more expensive) but not all of it.
If this is all internal stuff, then there is no need for a paid certificate as you can employ your own trust methods (e.g. Do nothing, or perhaps just fingerprint checking).