I have always wondered (but never really investigated much) on how to self-sign w/o a browser err msg (if even possible) getting in the way first. That way I can do a proper redir from https/* to http/* w/o browser interference. Perhaps a 'real' cert is the only way.