Ever get that popup when you visited a supposedly "secure" website that says the certificate is not trusted? Reason you get that popup is because the person who signed/issued the certificate is not trusted by default on your computer.
The business of selling certificates is a lucrative one. Large certificate authorities such as Thawte and VeriSign make a killing issuing digital certifcates. They can arbitrarily adjust the parameters on the certificate and charge for it on a case by case basis. The reason they are able to do so is because almost every computer by default trusts these companies. You can check this in Windows by going to start, run, mmc.exe and adding the Certificate snap in. Look under Trusted Root Certification Authorities.
In general you have to pay quite a bit of money to get a certificate signed by one of these authorities. However there is one way to get a virtually "free" one.
Thawte offers a program called their Web of Trust:
Basically after going through the steps Thawte will give you a free certificate signed by an authority called "Thawte Personal Freemail CA". Because this CA is installed by default on all Windows installations it is trusted everywhere.
Getting this certificate involves a combination of sending in documents to Thawte or finding people who have already gone through the process to vouch for you. Once you have it though you keep it forever (as far as I can see) and can generate certificates with your e-mail address in it.