It's really not a chicken/egg problem. We solve the easy problem first, then the hard one. I'm not yet sure there's actually a good solution to the cert problem.

There is one solution I can think of, but it involves equating URLs with identities via a Namecoin-like system, and that technology just isn't there yet.