And my point was that there are commercial certificates (RapidSSL springs to mind) accepted by IE and Firefox that doesn't require any authentication besides having control over the domain. You won't get a meaningful name in the cert, except OU=Domain Validated, but you will get an SSL connection without browser warnings