ssl / https certificate from shady resellers

If it's signed by the same root, it comes down to the price and the infrastructure for purchasing (can you do it all online with a credit card, is it easy, etc).

You have to watch out for chained root certificates, where (someone like) RapidSSL signs a certificate, and that company then uses that certificate to sign yours. Unless you have a good reason, stay away from them.

I've bought certificates from Namecheap.com before - they will give you a single root certificate. See this question for more.

The risk is low in most cases, though I would recommend going with a company that either you personally have dealt with previously or one that comes with a recommendation from a source you trust.

For instance, most registrars also sell certificates through this sort of reseller agreement, and you'll most likely get the same price or not much more from them.

A short while ago NameCheap were offering a free SSL cert with every new domain registration which is where I got my last couple. You might find that offer still on, or that other registrars are offering something similar.

There is no need to go with a firm you have any reason not to trust, given how many out there resell at more-or-less the same price.

If cost is really the biggest driving factor - why not consider self-signing? It is super easy, and you can add the certificate to the trusted store for your browser - piece of cake for a small business or personal site. Granted, you won't get automatic recognition in a browser - but for cost, you can't beat it:

For Windows/IIS: SelfSSL.exe from the resource kit - http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/993a8a36-5761-448f-889e-9ae58d072c09.mspx?mfr=true

Apache: Just fire up openssl to generate your certificates.