Careful with the self-signed certificate; make sure users validate the certificate hash when they first log on and that they then install the certificate if valid. And of course, never continu on a ssl with an invalid certificate...