SSL certificates are needed when you want transmissions on the wire to be secured. This is indicated by the "https" (as opposed to "http") in the browser address bar as well as a "lock" icon shown on the browser.
A SSL certificate and secure connection is needed if you are accepting credit card information directly on the site, for example.
Some shared webhosts will provide you with "shared SSL certificates". That mean that a single certificate is shared with many website owners. This is fine if you are just learning about SSL and testing. But they are rarely used in live active sites because sometimes warning dialogs will popup in users' browser when these are used. Consider purchasing a non-shared "private SSL certificate" (also known as "individiual SSL certificate").
For example, hostmonster shared SSL certificates are in the form...
https://secure.hostmonster.com/~yourunixusername/
More information here.
For a production eCommerce site that accepts credit card information directly, it is best to purchase a dedicated IP address from your webhost and purchase an "private SSL certificate".
Many times, you can purchase the SSL certificate directly from your webhost and they might even install and configure it for you as well. Note that a dedicated IP is needed in order to run the SSL, so you may need to purchase that also.
For example, here is Hostmonster's information on purchasing dedicated IP and SSL certificate.
You can also purchase them at Verisign, DigiCert, Thawte, GeoTrust, InstantSSL, NetworkSolutions, GoDaddy, and other places.
To learn more about SSL certificates, browse through Verisign's SSL Information Center.
