HOWTO Set Up SSL Using IIS 5.0 and Certificate Server 2.0
Otherwise, you need to create a certificate request and send it off to a
certification authority (CA) to get your certificate.
Alternatively, you can self-sign your own certificate. I think there is a
tool in the IIS 6.0 Res Kit that allows you to do that.
Certificates are used by webbrowsers in order to verify a website is secure. The certificates are issued by Certificate Authorities like Verisign and other independent third parties that issue certificates to organizations and individuals after a thorough investigation that the prospective certificate owner is the individual or the organization that it claims to be.
Verisign has a very regirous certification process requiring you to submit a lot of documentaion about you and your orginasation. Other CA's do not require as much documentation and therfore do not charge as much as Verisign.
From a webbrowser point of view, it doesn't matter if you pick an expensive or inexpensive CA.