Good luck trying to convince people to accept hand-rolled SSL. Any sensible browser would complain about it, and making an exception for it might amount to leaving a footprint of CEMB use (potentially undesirable), although it would be a useful way of spotting that someone's trying to snoop on HTTPS.
Google acts as an intermediate CA, incidentally - Thawte is the ultimate CA for the HTTPS google sessions I've got going.
But can't CEMB just implement HTTPS for those who request it, why not leave default as HTTP, I don't mind that. I also don't mind installing a self signed CEMB certificate in my windows certificate manger. As long as the connection is secure I don't care about the rest.
For example these days its easy to intercept wifi data, anyone can potentially see what I am submitting to CEMB when I am posting on this website. Having a HTTPS is better than not having one at all is my point. I really don't see why anyone would object to it other than on the basis of it takes a bit of time implementing it. Maybe a few hours, so can't be asked doing the work. If those folks who don't want to use HTTPS they can be still free not to use it, and not saying lets force all the users onto a self signed HTTPS connection, leave the choice up to the person. What do you think about that?
Plus you can get a signed basic signed one for £10/year.