Blog bug: invalid security certificate

If you try to read this blog using an https:// URL, your browser will probably warn you that the security certificate is not valid.

Why is this? It’s because I have hosted the blog on Red Hat’s OpenShift service and I haven’t yet installed my own security certificate. When you visit the connection is redirected to a server whose real address is <something> The web server there currently provides a security certificate that cryptographically proves the content comes from but doesn’t say anything about

What does the warning mean? It means the certificate, and therefore your browser, can’t prove that the content you are seeing really comes from my domain. If you are connecting through a compromised network then it’s possible a man-in-the-middle attack could present a spoof web site that pretends to be A spoof web site might try to trick you into giving it your credit card details, for example.

I’m working on setting up my own certificate.

Hmm… I’ve just started reading up about it and it looks a bit more complicated than I thought.

Notify of

Inline Feedbacks
View all comments