The obvious solution (Score 1)

So this is my take on all of it. To protect online commerce we need a noob-compatible "trust factor". Like some replies mention, this is achieved with the 'https' and the little lock icon (as well, now the coloured URI bar in IE). However, we also need self-signing to be a valid practice -as it was meant to be-. In this regard the error message itself is incorrect e.g. "cyote.ferrus.net uses an invalid security certificate" a self-signed certificate IS NOT INVALID. An invalid certificate is an expired/revoked/erroneous one; but I digress. The real point here is that we need two levels of trust- not a level of trust and level of distrust. There should be some way to allow a noobie user to easily identify if a certificate is signed by a CA, self-signed, or invalid. Only the third option should present itself with a horrible 5-click error message. The first option should look the "most secure", say with a lock icon and a "blue bar". The second option should have the lock icon but no "blue bar" (replace "blue bar" with whatever have you). As someone who self-signs certificates daily I had really hoped that FF3 would fix this erroneous "error" message.