I have some websites that redirect the user login to https, some user get scared when they see the warning as it says the site is not trustable or someone is trying to intercept their communication, so most of the users do not continue with the login procedure.
The fact is that i would like to avoid paying the big amount to get a valid certificate from one of those companies, as i am not making money with these sites, but i would like to keep the users credentials secure. is there a way to avoid this?
It would be enough if i can intercept the https redirection and display a message to the users explaining the situation.
Some widely accepted certification authorities offer a free certification path for Class 1 certificates (which make no assertion over the identity of the certificate owner, only that they control the subject; in reality, few people actually check SSL certificates for identity verification, so this is rarely a realistic concern—and given the non-commercial nature of your application, may not be a concern at all in this case).
One such certification authority (that I have used myself in the past) is StartCom.
No, you can't hide the message without using a cert that is endorsed by a recognized CA. That's a fundamental fact of internet security.
What you CAN do is, before that message comes up, explain that they will see the warning. You can tell them that in fact your self-signed certificate is not vulnerable if a CA gets hacked (which has happened), while the rest of e-commerce is compromised.
But they won't read the long explanation. The best you can do is prepare them and tell them that ONE TIME they have to trust that you are who you say you are.