I am developing a personal finance application in VB.net, and I am trying to clarify how to properly send a username and password via SSL to a bank's OFX server. Is it sufficient to use the .NET.Security capability to read and authenticate the server's certificate, or do I need to buy a certificate with a formal Certification Authority? Can anybody give me some pointers?

After studying this more, I'm starting to get the feeling that the only way to submit OFX requests is with HttpWebRequest and HttpWebResponse. I understand that this automatically uses SSL if the url is https. However, this doesn't seem to have any certificate authentication functionality, and I'm not sure if any encryption is happening. It seems that the SSLStream class, which does have certificate authentication, is not used for sending to a url (only to IP addresses or named servers). Does anybody know if HttpWebRequest with SSL is considered sufficiently secure to send usernames and passwords?