I have a number of web services running at home, some of which are SSL secured; however, they are only used by me (and a few select friends and colleagues) so, in theory, I could generate certificates by creating my own public key infrastructure (PKI) and add my certificate authority (CA) to the Trusted Root Certificate Authorities store. The trouble is that I’m lazy, and a CA is just another infrastructure service to run (it really is a bit geeky to have as many computers as I do), so I use a public certificate instead.
Because I don’t require the highest levels of validation, I don’t need an expensive certificate from a class 1 CA like Verisign so last year I used a free certificate from Ascertia. No matter how hard I tried, I couldn’t complete the certification path or get clients to trust the Ascertia root certificate, but last night, Scotty McLeod mentioned low-cost certificates from and, crucially, Go Daddy is one of the trusted CAs in most web browsers (certainly recent versions of Internet Explorer, Firefox and Safari).
Of course, there are other (more expensive) options available from Go Daddy and other CAs for longer certificate life, multiple top level domains, domain wildcards or higher levels of validation (hence trust) etc. but for $19.99, I bought a 12 month SSL certificate that will work with both servername.markwilson.co.uk and www.servername.markwilson.co.uk.