Why do you need an SSL certificate?
You may have built a personal blog using WordPress on a VPS or web hosting. Unfortunately, WordPress sends your username and password in plain text by default when you log in. If your IDC does a poor job of isolating the network between virtual servers, other VPS or web hosting users may be able to sniff the traffic and capture your password, which is quite a dangerous situation.
WordPress is not to blame for sending the password in plain text, because most blog owners can only use port 80 (the HTTP port, unencrypted). However, if you are able to configure your server to use port 443 (the HTTPS port, ‘S’ for secure), you should use it for better safety.
Publicly-authenticated certs vs Self-signed ones
HTTPS usually uses SSL for encryption. SSL requires a certificate to (1) encrypt your network communication and (2) confirm that you are visiting the right site.
If you need both, you should buy a publicly-authenticated SSL certificate. Prices range from free (StartCom) or several bucks (GoDaddy) to hundreds of dollars (VeriSign).
But if you only need purpose 1, a self-signed SSL certificate is good enough. For example, you just want to encrypt the password for your little blog when logging in, and are fairly sure no one will fake your website.
The only disadvantage of self-signed certs is that browsers will warn you that the website could be bogus.
CA certs vs website certs
Certificate authorities (CAs) are organizations that issue certs. They form a hierarchy. The highest tier consists of root CAs, which are recorded in all browsers. Below them are intermediate CAs, which are authorized by higher CAs.
Each CA has a CA cert. Root CA certs are readily recognized by browsers. Intermediate CA certs are issued and authenticated by higher CA certs and eventually by root CA certs, and are thus also recognized by browsers.
Each domain has a website cert. Website certs are issued and authenticated by CA certs, and are thus recognized by browsers.
If you decide to use a self-signed SSL cert, see Tutorial #1 on how to create it.
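The trust relationships described above can be checked with the openssl command-line tool. The following is an added example, not part of the original article: it builds a throwaway root CA, intermediate CA, website cert and self-signed cert, then reports which ones verify when only the root is supplied as trusted. All names are constructed, and it assumes openssl is installed with its stock configuration file.

```shell
#!/bin/sh
# Added example: constructed names, throwaway 30-day certs in a temp directory.
set -eu
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT

new_csr() {   # $1 = file stem, $2 = subject; writes $1.key and $1.csr
  openssl req -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
}
issue() {     # $1 = stem of CSR to sign, $2 = stem of issuing CA, $3 = extensions
  printf '%s\n' "$3" > "$d/$1.ext"
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.crt" -CAkey "$d/$2.key" \
    -CAcreateserial -days 30 -extfile "$d/$1.ext" -out "$d/$1.crt" 2>/dev/null
}
self_sign() { # $1 = stem, $2 = subject; the cert is signed with its own key
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$2" \
    -keyout "$d/$1.key" -out "$d/$1.crt" 2>/dev/null
}
verify() {    # $1 = cert stem, $2 = optional intermediate stem; root.crt is the trust anchor
  if openssl verify -CAfile "$d/root.crt" ${2:+-untrusted "$d/$2.crt"} \
       "$d/$1.crt" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}
issuer_is_subject() {  # $1 = cert stem; prints yes when issuer and subject names match
  i=$(openssl x509 -in "$d/$1.crt" -noout -issuer  | sed 's/^[a-z]*= *//')
  s=$(openssl x509 -in "$d/$1.crt" -noout -subject | sed 's/^[a-z]*= *//')
  if [ "$i" = "$s" ]; then echo yes; else echo no; fi
}

self_sign root "/CN=Example Root CA"                 # stands in for a browser-trusted root
new_csr int "/CN=Example Intermediate CA"
issue int root "basicConstraints=critical,CA:TRUE"   # intermediate may sign other certs
new_csr site "/CN=blog.example.test"
issue site int "basicConstraints=CA:FALSE"           # website cert, cannot sign others
self_sign self "/CN=blog.example.test"               # the self-signed alternative

echo "site cert, intermediate supplied: $(verify site int)"
echo "site cert, intermediate missing:  $(verify site)"
echo "self-signed cert:                 $(verify self)"
echo "self-signed issuer == subject:    $(issuer_is_subject self)"
```

The second result is why a web server has to send its intermediate CA cert along with the website cert: without it, the verifier cannot link the website cert back to a root it already trusts.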