If you try to read this blog using an https:// URL, your browser will probably warn you that the security certificate is not valid.

Why is this? It’s because I have hosted the blog on Red Hat’s OpenShift service and I haven’t yet installed my own security certificate. When you visit https://blog.foad.me.uk the connection is redirected to a server whose real address is <something>.rhcloud.com. The web server there currently provides a security certificate that cryptographically proves the content comes from rhcloud.com but doesn’t say anything about blog.foad.me.uk.

What does the warning mean? It means the certificate, and therefore your browser, can’t prove that the content you are seeing really comes from my domain. If you are connecting through a compromised network then it’s possible a man-in-the-middle attack could present a spoof web site that pretends to be blog.foad.me.uk. A spoof web site might try to trick you into giving it your credit card details, for example.

I’m working on setting up my own certificate.

Hmm… I’ve just started reading up about it and it looks a bit more complicated than I thought.