Just a small side-note: I've found an affordable source for SSL certificates signed by the Comodo Root CA, therefore being valid for most browsers and mobile devices.

During the past few days I've equipped my mail server as well as selected services, including this blog, with proper certificates, throwing away my custom self-made CA.

Concerning the blog you still have the option of using plain HTTP, when using any non-index URL. All references inside the documents should be relative, and I only redirect the index of the non-SSL version to HTTPS.

(Sitting behind an SSL-breaking proxy at work is just so painful when trying to visit SSL-enforcing sites, e.g. the awesome homepage...)