add note about self signed certs

1 files changed, 7 insertions, 0 deletions

diff --git a/README.md b/README.md
index 6624ae248..6006cb722 100644
--- a/README.md
+++ b/README.md
@@ -174,6 +174,13 @@ Check the **owncloud/data/owncloud.log** for hints why it failed. After the issu
 * If your cron works fine but owncloud's cronjobs are never executed, file a bug in [core](https://github.com/owncloud/core/)
 * Try the [updater script](https://github.com/owncloud/news/wiki/Custom-Updater)
 
+### Reading feeds that use self-signed Certificates
+If you want to add a feed that uses a self-signed certificate that is not signed by a trusted CA the request will fail with "SSL certficate is invalid". A common solution is to turn off the certificate verification **which is wrong** and **makes your installation vulnerable to MITM attacks**. Therefore **turning off certificate verification is not supported**.
+
+If you have control over the feed in question, consider signing your certificate for free using [StartSSL](https://www.startssl.com/) or wait until September when [letsencrypt.com](http://letsencrypt.com/) goes online.
+
+If you do not have control over the chosen feed, you should [add each self-signed and trusted certificate to your trusted certificates](https://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/). The exact procedure however may vary depending on your distribution.
+
 
 Configuration
 -------------