Actually, most of what I’ve written here is the same as the contents at http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

It is quite technical, and if you do not understand it, you are welcome to post your question here.

Besides SSL certificates issued by trusted CA roots, there are also SSL certificates which are self-signed by the web server itself, and which carry no insurance from any certificate issuer. Yes, certs issued by trusted CA roots do come with insurance: if the site is hacked and sensitive data is stolen, the site owner can claim on it.

But most of the time, websites that are serious about running online stores will be willing to spend some money on SSL certificates issued by these trusted CA roots.

A self-signed certificate doesn’t mean the website is a phishing site! Remember this!
Some servers, for example the cPanel hosting panel, usually use self-signed certs, since there is no need to spend money just for the cPanel login. Self-signed certs give encryption that is just as strong as certs issued by trusted issuers; the only thing missing is the insurance.

In other words, what SSL certs actually provide is a layer of encryption against “Man In The Middle” attacks, where thieves sniff the data your web browser transmits to the web server and steal your login details, etc.
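As an added example (not from the original post or the TLDP page), here is how a client tells the two kinds of certificate apart using the openssl command line: a self-signed cert has the same Subject and Issuer and fails verification against the default trust store, but verifies once you explicitly trust it. The key, the cert and the example.test name are throwaway values created by the script; it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example (not from the original post): create a throwaway self-signed
# certificate and show how a client distinguishes it from a CA-issued one.
set -e

WORK=$(mktemp -d)

# 1. Self-signed: the server signs its own public key. The CN is a
#    constructed placeholder, not a real site.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" \
    -subj "/CN=example.test" 2>/dev/null
}

# 2. A self-signed cert has identical Subject and Issuer fields.
is_self_signed() {
  subj=$(openssl x509 -in "$1" -noout -subject)
  iss=$(openssl x509 -in "$1" -noout -issuer)
  [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# 3. Verification against the default trust store (the browser's view):
#    succeeds only if the chain ends at a trusted CA root.
verify_default() {
  openssl verify "$1" >/dev/null 2>&1
}

# 4. Verification when the operator explicitly trusts that exact cert,
#    which is what you do for an internal cPanel-style login page.
verify_pinned() {
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

make_self_signed
is_self_signed "$WORK/cert.pem" && echo "cert.pem: Subject == Issuer (self-signed)"
verify_default "$WORK/cert.pem" && echo "trusted by default store" \
  || echo "NOT trusted by default store (expected for self-signed)"
verify_pinned "$WORK/cert.pem" && echo "trusted once explicitly pinned"
```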