Recently, my web host started sending my mail client a self-signed root certificate with no field filled (everything says "Unknown") when connecting via SSL. I'm pretty sure this is not a good thing, but since it works, the tech support guy says it's fine.
I'm not a certificate guru, so I'm turning to you people. What purpose do certificates serve? Is it really okay that the certificate has every field set to "Unknown"? I don't check certificates often, but I don't recall ever being sent a root one; what's the difference between a root certificate and, err, the other kind of certificate?