zentigger asks: "I am looking at renewing some SSL certificates and checking out the various vendors. I seems that just about every major CA has some reason for not using them. Verisign is just evil, Thawte is owned by Verisign, Geocerts has a bad habit of spamming, and Godaddy uses a stupid chained cert that doesn't work for some appliances we have (and they won't let me check out using Firefox). I realize that I could just use a self-signed certificate, but we have too many stupid users that get all confused and whiny when something pops up and asks them unexpected questions. So I put it to you, Slashdot: what CAs do you recommend and why?"