This is one of the most frequently asked questions on the newsgroups.
Since Verisign and Thawte do not speak “message-based security”, people are always confused about buying SSL Certificates for doing WSE or WCF.
It’s not just the vendors. Sometimes the people responsible for your networks are also hard to convince since message-based security just does not make sense in their world. They may not know which one is right either.
What have you had success with? What actual certificates (literally the name that the vendor applies to the cert) have you purchased from which vendors? There’s a myriad of choices, but it’s never easy to pick.