A year is a common period to use for (re-)verification purposes. So I am under the impression that you will be hard-pressed to find deals that last longer. Not all operating systems handle longer-lasting certificates equally; I can't find the link right now.
For an overview of (free) SSL certificate providers: https://www.sslshopper.com/article-free-ssl-certificates-from-a-free-certificate-authority.html
Thawte offers 1-year, 2-year and 3-year deals for SSL certificates: https://www.thawte.com/ssl/
For in-house web services that are only used by in-house computers, you can deploy your own self-signed certificates (including the CA certificate). Not only do these cost nothing, they can also last 10 years. And as you are in control of the CA certificate, you or your users won't be bothered by continuous browser verification requests either. But for this to work, you must be in complete control of all your in-house computer systems. To my understanding, Stoic Joker is (one of) the sysadmins at the company he works for, so that could be somewhat of an option for him.
In my duties as sysadmin I do make use of self-signed certification, mainly to verify if the software I help to create can encrypt/decrypt EDI/XML/JSON type messages transferred by our own services, web services and even Exchange 2007 - 2016 server without any user interaction. And for in-house use, this works well.
Besides, HTTP/SSL isn't that safe to begin with: http://www.howtogeek.com/182425/5-serious-problems-with-https-and-ssl-security-on-the-web/
If the big names can make such "hiccups" with certification, I suddenly feel less queasy about generating and using my own.
Years ago I saw an infographic somewhere that indicated there aren't more than 5 certificate providers globally. All the companies that offer certificates are either subsidiaries or reselling. Which was a bit unsettling then. I don't think this situation has improved much in this current day and age, though I probably should delve into this again someday.
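
The in-house CA setup described in the post above, as an added example that is not part of the original post: it creates a private CA, issues a server certificate from it, and checks which clients would accept that certificate. It assumes the OpenSSL command-line tool; the CA name, hostname, file layout and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: in-house CA plus one server certificate.
# All names, hostnames and lifetimes here are constructed assumptions.

make_ca() {            # $1 = directory, $2 = validity in days
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example In-House Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # Self-signed CA certificate; ca.key never leaves the issuing machine.
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days "$2" \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {  # $1 = CA directory, $2 = hostname, $3 = validity in days
  # Leaf extensions: not a CA, server use only, hostname in subjectAltName.
  cat > "$1/$2.ext" <<EOF
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days "$3" -extfile "$1/$2.ext" \
    -out "$1/$2.crt" 2>/dev/null
}

trusts() {             # $1 = CA cert the client trusts, $2 = server cert, $3 = hostname
  # Succeeds only if the chain leads to that CA and the hostname matches.
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}
```

Only machines that have `ca.crt` installed in their trust store accept the server certificate, which is why this approach depends on controlling every in-house client.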