Picking a Cert: Firstly, any kind of SSL will work - but they get expensive quick once you start needing wildcards and things. Generally you need 1 SSL cert for each store, so the standard 'DV" style is fine enough for most cases, the "OV" style being a bit better. "EV" or "Wildcard" are generally not needed unless you run a huge enterprise with tons of subdomains. The easiest way is to use whatever DV or OV SSL your host can get, since often they get massive reseller discounts. Then have them install it for you using the following considerations.
Important Registration Note: For many SSL certs, its important that you register the SSL with the explicit www or non-www mode. Many modernized SSL's work in either-or mode, but there are still plenty of providers that work only 1 way or the other. If you dont get it right the first time, there is a chance you will have to buy another cert.
SNI For 1 IP Support: Next, the way they set up multiple SSL domains pointed to 1 IP is using SNI (server name indication) at server level. Its a method to route all, and its dependent on modern browsers. Good news is that 100% of modern browsers support it. Bad news is that IE6 on SP1 WinXP doesnt. Your host will know what this means, make sure they set it up "SNI" if they all point at 1 server IP otherwise your SSL may be invalid. http://en.wikipedia.org/wiki/Server_Name_Indication
Forward Secrecy: You should make sure you or your host have FS (forward secrecy) set up on your server as well. This makes handshakes better for more secure browsing by using unique keys. Like SNI, modern browsers understand, old ie6sp1xp peoples do not. This is essential with an "economy" SSL: http://en.wikipedia.org/wiki/Forward_secrecy
** You may notice BingBot and YahooBot/SlurpBot "dont understand" SNI or FS...somehow they still index your pages https mode with no errors. Dont worry

Hardened Ciphers: Make sure your servers ciper suite doesn't allow anonymous SSL browsing. The default that ships with some servers is too broad to be PCI compliant. Most of the time your host would set this up, but if you have a WHM server it can be found under Service Configuration > Apache Configuration > Global Configuration > SSL Cipher Suite. You should use the mozilla suggested "intermediate compatibility" ciphers found here then restart Apache once you set them: https://wiki.mozilla.org/Security/Serve ... default.29
** If you're uncomfortable with intermediate ciphers due to old IE on XP support, you can go with the older/wider ones below it on that mozilla page and still get away with a B in SSL tests.
"Unstable" Technologies: You may hear about TLS/SPDY, HTTP2.0, and other new things, they can seriously speed up your server in https mode. Be weary though since its still "unstable" releases and actually provides a tunnel for CRIME and other exploits if not set up exactly right. http://en.wikipedia.org/wiki/CRIME
Lets Roll: Ok once its all set, you can test it using Qualys SSL test: https://www.ssllabs.com/ssltest/analyze.html If everything is set up ok, with the right ciphers, Qualys should score you an A- even with failed PCI test. Reducing ciper to be more XP compatible should take you to a solid B.
Hope that helps, good luck!