It doesn't have to be mandatory, there could be an extra link 'Log in via SSL' and mention on that page that the cert is self-signed and thus may cause browsers to whinge.

the hatter