[jf]

Yes, generating a certificate request isn't hard. Maintaining a CA is annoying at best.

Do you have a link to a site that describes how to do local key generation in Firefox and IE? Maybe I was just looking in the wrong places?

The scary warnings I was talking about are not the "untrusted" site warnings, they are the warnings you get after the remote SSL server times out. I guess this can happen after a few hours, depending on the server.

Yes, it's the best solution to this problem, but it's still a major pain in the ass.