Storing credit Cards is not just a case of "owning" an SSL certificate that is the least of your issues. You are holding peoples Financial Credentials if your site is compromised you might be financially liable for any damages but your reputation would certainly be in taters.
Most Merchant Gateways and Banks and probably more importantly insurance companies expect you to be "compliant" with PCI-DSS this is a standard with levels 1-4 based on transaction amount and volume which is expected to be adhered to at the basic level it's a load of paper work as well as a requirement to have a "secure network" that's not just an SSL certificate and unless you are running in suitable hosting something you will be unlikely to achieve.
Practically none of this is hard if you have a good infrastructure and system admin who know what they are doing but before even pondering going down this route you need to understand their is a risk and cost associated with Direct Card Processing.
Often when you look at the actual costs of direct card processing via a merchant gateway along side the PCI-DSS work/paperwork/scans and yes the shiny SSL certificate not to mention the indemnity insurance suddenly the loss of the occasional person doesn't always seem to be so bad.
I'm not trying to scare you and if you are a mid sized business with a relatively health turnover (or expect to be) then looking at non hosted solutions may be a wise idea, and many merchant gateways offer PayPal as well as part of their offerings, PayPal also offer a range of offerings other then their standard and Pro services (you may wish to Look at PreApprovals via the Adaptive Payments API)