[cobalt-security] self signed certificate warnings

[Matthew Nuzum <cobalt@xxxxxxxxxxxxx>]

I've designed an application that collects some personal information, so
for the short term, I created a self signed "wildcard" certificate. 
It's 128 bit and Netscape and IE handle it just fine.  I feel very
comfortable with the level of security it gives me.

The problem is that browser's visiting the site for the first time get a
pop-up warning stating that they user has not chosen to trust the
signing authority, or something along those lines.

IE and NS both state that the security is full strength, that the dates
are valid and that the domain name matches.  They show nice little
symbols that make users feel pretty comfortable.

While this is fine for most of my clients, I'd like to not have the
pop-up window appear at all.

I know of ONE way that will take care of this problem definitively, and
that is to buy a wildcard cert from Thawte.  However, they now charge
per domain, which is extremely limiting to me.

I have heard that you can send a special mime-encoded file to newer
browsers that will allow them to add me to their list of trusted
authorities.  Maybe this is a rumor, or maybe this is a complete
mis-understanding on my part.  It sounds intriguing to me though.

Has anyone tried this?  I'd search the Internet, but I'm somewhat at a
loss for what to even search for.

I tried to find CAs that will provide wildcard certs, but none of the
cheap ones seem to do it.  If you can recommend a low cost CA that is
trusted by newer browsers and has a low, flat fee for wildcards, I would
find that useful as well.

Thanks for any help,
Matt Nuzum