Michael R. Head ([info]suppressingfire) wrote,
@ 2008-08-07 18:14:00
Current mood: anxious
Entry tags:debian, linux, ubuntu

Getting proper SSL certificates
I've seen a heck of a lot of mozilla bashing lately due to firefox's handling of self-signed SSL certs. Personally, I like the updated system and the dialogs. It's generally a bad idea to accept a self-signed cert handed to you by a web site.

Problem is, folks like me want to be able to use SSL to connect to services on their own servers or servers of friends.

In this case, self-signed certs can be used by passing the cert around via email or some other method and manually importing it before connecting.

Still, that's an annoying process to have to go through. It's better just to get an SSL cert signed by a respected signing authority. The one bit of goodness to come out of the flames at mozilla is that there's a respected CA that will sign certificate requests for free. Free certs only guarantee that the person who requested the signature reads email at the address that is registered in WHOIS as the contact for the domain. The signature on the certificate will last for one year. I haven't tried yet, but it may be possible to extend the length of the certification by using the -days option on the certificate request in openssl.

Since all of this is automated, it's possible to get a properly signed SSL cert quickly and easily:
  • Sign up at StartSSL.

    You'll need to verify your email address and the domain you own, but the process is fairly straightforward. Don't forget to back up the client certificate they generate for your account so you can log in from another browser.
  • Once you have the account setup and domains verified, you can request a cert with the Certificates Wizard.
  • Make sure to select SSL/TLS Web Server Certificate
  • I like to do everything myself and keep my private key private, so I like to skip the private key generation on the site and instead do this:
  • openssl genrsa -out host-example-org.key 4096
  • openssl req -new -key host-example-org.key -out host-example-org.csr
    This will ask a series of questions:
    Country Name: US or whatever the two letter country code should be
    State or Province Name: New York or whatever the local state name is
    Locality Name: Binghamton or whatever the city name is
    Organization Name: example.org or whatever you like. I believe StartSSL overrides this with example.org anyway
    Organization Unit Name: Personal web server or whatever you like. This may also be overridden by startssl.
    Common Name: host.example.org. The final certificate needs this to be the domain name of the host that will be using SSL. I believe this too will be overridden
    Email Address: username@example.org. This will definitely be overwritten with the email address associated with example.org in WHOIS

    Skip the challenge password and the optional company name fields.
  • host-example-org.key is the private key (keep this safe with chmod 600 and chown root). host-example-org.csr is the certificate request which must be signed by startssl.
  • Open host-example-org.csr and copy the text (starting with -----BEGIN CERTIFICATE REQUEST----- and ending with -----END CERTIFICATE REQUEST-----) into the large text box and press Continue
  • Double check that the request is correct and press Continue. It should look something like this:
    subject=/C=US/ST=New York/L=Binghamton/O=example.org/OU=Personal web server/CN=host.example.org/emailAddress=username@example.org
  • Pick the correct top level domain (example.org in this example) and press Continue
  • Enter the correct host name (host in this example) and press Continue
  • Press Continue one more time
  • The next page has a text box with the certificate in it. Copy/paste this into a text editor and save it as host-example-org.crt
  • Now the cert can be used as needed.
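The key and CSR steps above, as an added shell example that is not the post's own commands: it answers the openssl questions non-interactively with -subj, creates the key under a restrictive umask so it is never briefly world-readable, and verifies the CSR's self-signature and Common Name before it is pasted into the CA's form. The host name and subject fields are placeholders copied from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI is
# installed; host name and subject values below are placeholders.
set -eu

# make_csr NAME HOST  -> writes NAME.key and NAME.csr in the current directory
make_csr() {
  name="$1"
  host="$2"
  # umask 077 makes genrsa create the key file with mode 600 from the start,
  # which is equivalent to the post's chmod 600 but with no unprotected window.
  (umask 077 && openssl genrsa -out "$name.key" 4096 2>/dev/null)
  # -subj supplies every field the interactive prompt would ask for. The CA
  # may override O, OU, CN and emailAddress (as the post notes), but the CN
  # must still be the host name the certificate will be served from.
  openssl req -new -key "$name.key" -out "$name.csr" \
    -subj "/C=US/ST=New York/L=Binghamton/O=example.org/OU=Personal web server/CN=$host/emailAddress=username@example.org"
}

# csr_cn FILE -> prints the CN from a CSR after checking its self-signature;
# fails if the request is malformed or does not match the key that signed it.
# Works with both the old "/CN=host" and the new "CN = host," subject formats.
csr_cn() {
  openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
  openssl req -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# key_mode FILE -> prints the octal permission bits of the private key
# (GNU stat first, BSD/macOS stat as fallback)
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Run `make_csr host-example-org host.example.org`, then check `csr_cn host-example-org.csr` prints the expected host and `key_mode host-example-org.key` prints 600 before pasting the .csr into the wizard.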

I'll cover how to setup a couple services with this certificate later.



(2 comments)

you rock
(Anonymous)
2008-08-12 08:35 pm UTC
Thanks for uncovering startssl.com. Now, I can go to https://hinespot.net without the browser yelling at me.

It's a beautiful thing.

- Michael Hines


Re: you rock
[info]suppressingfire
2008-08-12 08:41 pm UTC
Yeah, it's definitely nice. The other option is CACert.org, but they haven't been able to get their cert into mozilla yet.

Note that startssl's root cert isn't in IE (nor is cacert.org's). It's particularly annoying to try and install a trusted root cert into Vista: it appears to require using mmc.exe rather than IE itself.



