It depends why you are using it whats your objectives? If you just want the minimum legal encryption then a free selfssl or openssl might do.

If its for customer confidence to buy from you then go with one of the 2 well know brands.

Some are also better value if you want multiple hosts secured.

Stay away from most expensive - they are almost certainly not worth it.

In the last few months I had to look at SSL and found cheap very well supported by browsers option - RapidSSL. You can get free trial from them for 30 days - give it a go. There are cheaper versions around but they seem to be more limited in respect of browser support - if you want to sell anything to the end users you can't afford "unknown certificate" warning that would popup in browsers :(

Yes, confusing, but not. It's about branding to a large degree. I'm no expert, but from reading WW and my own research, Lord M has it right.

A service provider recently directed us to an outfit called RapidSSLOnline which offered RapidSSL and other certs at discounted prices. We haven't used this as yet, but we intend to try them on our next launch.

Different certificates are certifying different things. E.g. the cheapest GoDaddy cert for a few dollars merely encrypts the communications between your server and the browser and certifies that you control the site. Other options go to different lengths to verify your identity, so that the certificate can be traced back to a company or individual.

The newish Extended Validation SSL (EVSSL) certificates do the whole turning the address bar green thing and go to greater lengths to demonstrate to the client who they are dealing with.

I am soon to be buying a certificate for a project and haven't yet decided whether the EV SSL is worth the considerable investment, I wonder if anyone knows of any testing which has been done which looks at conversion, abandonment etc with EV and non EV SSL?

Well discussed with more links here [webmasterworld.com].

The bottom line, for the average user, is 1) that the data to and from the server is encrypted, and 2) the browsers recognize the certificate authority when the SSL pages are visited. I *have* seen some certs not be recognized by the browser, which prompts the user to install the cert. This is bad mojo because lay-persons don't understand it. They just want that lock icon!

The low-cost G.D. certs are 265 bit encrypted, and do quite well.

I got the EV SSL several months back and feel it was worth the investment. I am thinking it was 359 a year for 2 years. I will say comodo did go to great lengths to make sure my business was legit before issuing the certificate.

are 265 bit encrypted

Oops. 256. :-( Dyslexia flare-up.