The problem is that certificates are not just meaningless strings of bytes. You can make one right now, for free, using openssl.
What your paying for is someone actually researching and verifying that you are who your say you are. And that they are willing to vouch for your identity. Your also paying for having their trusted root installed in a variety of SSL implementations, so you don't have to worry about establishing the base trust.
Given Verisign's problems w/ DNS, and a very high-profile case where they accidentally gave out a cert that was identified a non-MS'er as Microsoft Corperation, I'd stay away from them. Thawte, which I believe is still owned in part by verisign, seems to still be managed by themselves.
Outside of Verisign & Thawte, there unfortunatly arn't that many providers that share that wide installed base as them.