Hi Johan,
My personal opinion about how certificates work in browsers is that it is a total mess and that the messages displayed by the browsers are wrong in what they are saying and that it is a way to make more money...
That said, let's get to your question.
First I would like to split the question in two: a correctly signed certificate is not the same as an untrusted certificate.
A certificate needs to be signed by an authority and this can be seen as the signature put on a formal agreement such as a contract that you sign. This authority can be anyone that stands behind that agreement; in the most common cases it is you yourself that is the authority signing the paper or contract.
Much in the same way, certificates used in browsers (or much in the same way for any kind of cryptographic systems used on the internet) have to be signed by an authority to be correct and valid. What happens in the case with OPI is that the certificate you have on OPI is generated by your OPI after you select your opi-name, then sent to our servers, which validate the origin (that it is indeed sent from an OPI), sign the certificate and send it back.
So in this case it is OpenProducts that has signed the certificate (OpenProducts is then called the CA, or Certificate Authority).
Now we come to the issue with the untrusted part of the certificate and this is where I believe that the warnings shown are completely misleading. The reason for it not to be trusted is that we as CA have not paid the ridiculous amount of money that would be required to put a "trusted" certificate on each OPI. For us to do this, the price on each OPI would have to be considerably higher, so from a business perspective that would not be feasible. So what that warning is saying is simply "The CA that signed this certificate is not in the database of CAs that is available". In my opinion it has nothing to do with trust, only money. If you would look at the amount of trusted CAs that are in the database, you would probably not trust this at all anymore. Take a look at this trusted certificate for instance:
CNNIC: it is trusted by Chrome but there is no information on the issuer. By looking at the certificate the only thing that I can find is that the organization behind it is CNNIC. No clue on where they are located or any other information. But you would get a green bar in Chrome visiting a site that has a certificate signed by them. And it is only a matter of money to get into that list.
Now to get to the part on how to get rid of the warning shown in your browser.
If using Firefox, you can choose to make an exception for the site. This is the default behavior when you select to proceed despite the warning shown.
On Chrome this is a bit more complicated; Google has not made it easy for users to make exceptions. In order to make this work you need to install our root certificate, so that it is available in the same list as the CNNIC mentioned above.
Download our root CA here:
http://media.openproducts.com/opi-ca/opi-ca.crt
Go to "Settings"->"Advanced Setting"->"Manage Certificates" and then choose to import the file downloaded from the above link.
I have on my todo list a note to write a guide on this, but there are lots of things on that list... So if anyone feels like it or has some relevant and up-to-date links, feel free to post it here.
/PA
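
The difference described in the post above between a certificate that is correctly signed and one that the client trusts, as an added example that is not part of the original post and not OpenProducts' code. It assumes the `openssl` command-line tool is installed; the CA name, device name and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added illustration with a constructed throwaway PKI; every name is made up.

make_demo_pki() {            # $1 = scratch directory
  local d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Device CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Private root CA: self-signed, stands in for the vendor's CA.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Device side: generate a key pair and a signing request (CSR).
  openssl req -new -config "$d/ca.cnf" -subj "/CN=device.example" \
    -newkey rsa:2048 -nodes -keyout "$d/dev.key" -out "$d/dev.csr" \
    2>/dev/null || return 1
  # CA side: sign the request and hand the certificate back.
  openssl x509 -req -in "$d/dev.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -set_serial 1 -days 30 -out "$d/dev.crt" 2>/dev/null
}

# Verify against the system trust store only (a client's default behaviour).
verify_default() { openssl verify "$1" >/dev/null 2>&1; }

# Verify with the private root supplied as an additional trust anchor.
verify_with_root() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# SHA-256 fingerprint of a certificate, to compare against a value obtained
# out of band before importing a root into a trust store.
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

demo() {
  local d; d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  verify_default "$d/dev.crt" && echo "default store: trusted" \
                              || echo "default store: NOT trusted"
  verify_with_root "$d/ca.crt" "$d/dev.crt" && echo "with root: trusted" \
                                            || echo "with root: NOT trusted"
  cert_fingerprint "$d/ca.crt"
  rm -rf "$d"
}
demo
```

The signature on the device certificate is identical in both checks; only the set of trust anchors changes, which is what importing a root CA into the browser does.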