Choosing an SSL CA?

zentigger asks: "I am looking at renewing some SSL certificates and checking out the various vendors. I seems that just about every major CA has some reason for not using them. Verisign is just evil, Thawte is owned by Verisign, Geocerts has a bad habit of spamming, and Godaddy uses a stupid chained cert that doesn't work for some appliances we have (and they won't let me check out using Firefox). I realize that I could just use a self-signed certificate, but we have too many stupid users that get all confused and whiny when something pops up and asks them unexpected questions. So I put it to you, Slashdot: what CAs do you recommend and why?"

Can you trust a self-signed ?

[JohnnyKlunk]

We use a self-signed CA, but being a corporate MS shop we force our CA's certs out as trusted through AD, so there's no difference between certs signed by our CA and certs signed by someone else. For me, it's brilliant. I can certify whatever I need to without having to cough up each time. It's only useful for internal users though. Obviously no good for public sites.