I want to set up a wildcard SSL cert for example.com and point the DNS for www.somefoo.com to somefoo.example.com. Will that work (i.e., will I be able to visit https://www.somefoo.com correctly, with a x-browser OK SSL connection)?
Duplicate of [Does an SSL certificate work on CNAME'd urls?](http://serverfault.com/questions/228242/does-an-ssl-certificate-work-on-cnamed-urls) – Chris S Mar 01 '11 at 18:47
2 Answers
You will, unconditionally, need a certificate for www.somefoo.com in order for a connection to https://www.somefoo.com to go through without error. However, there are options for how you get there.
In the best-case scenario, we'd be living in a world where Server Name Indication could be used without breaking the site for large segments of the Windows-using population; this would make it pretty easy to just set up a second certificate for somefoo.com on the same server and you'd be good to go.
Because browser support isn't there, you've got two realistic options:
1) Obtain a certificate which contains both somefoo.example.com and somefoo.com as Subject Alternate Names. This is likely not possible, as you mentioned that you're using a wildcard certificate.
2) Set up a separate web server with a somefoo.com certificate, either serving the somefoo.example.com content directly or sending redirects over to somefoo.com.
If by "point the DNS for www.somefoo.com" you mean a CNAME record or something like that, no, it will not work without a warning from the browser. If you type in or link to www.somefoo.com, that's what is checked against the SSL certificate, regardless of what your DNS records say.
What you could do is have an HTTP server at http://www.somefoo.com that does nothing but issue a 301 redirect to https://somefoo.example.com; then the browser will think that it's going to somefoo.example.com and it will match the certificate.
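The name check both answers describe, as an added example that is not code from either poster: a simplified model of how a TLS client compares the host in the URL with the DNS names in the certificate, ignoring where DNS sends the connection. The function names, the CNAME map and the certificate name lists are constructed for illustration, and the wildcard rule is reduced to "whole leftmost label only".

```python
# Added illustration (not from the original answers). Simplified model of the
# hostname check a TLS client performs; all names and data below are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate DNS name (possibly a wildcard) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Wildcard accepted only as the entire leftmost label, and not on "*.tld".
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return "*" not in pattern and p == h


def cert_covers(dns_names, requested_host: str) -> bool:
    """True if any DNS name in the certificate covers the requested host."""
    return any(name_matches(n, requested_host) for n in dns_names)


def connect(url_host: str, cname_map: dict, served_cert_names):
    """Return (host the connection lands on, whether the certificate is accepted)."""
    target = cname_map.get(url_host, url_host)       # DNS decides where we connect
    accepted = cert_covers(served_cert_names, url_host)  # the URL host is what is checked
    return target, accepted


# Constructed sample data mirroring the question.
CNAME = {"www.somefoo.com": "somefoo.example.com"}
WILDCARD_CERT = ["*.example.com", "example.com"]
# Assumed certificate listing both names, as in option 1 of the first answer.
MULTI_NAME_CERT = ["somefoo.example.com", "somefoo.com", "www.somefoo.com"]

if __name__ == "__main__":
    cases = [
        ("www.somefoo.com", WILDCARD_CERT),
        ("somefoo.example.com", WILDCARD_CERT),
        ("www.somefoo.com", MULTI_NAME_CERT),
    ]
    for host, cert in cases:
        target, accepted = connect(host, CNAME, cert)
        verdict = "accepted" if accepted else "name mismatch warning"
        print(f"https://{host} -> connects to {target}: {verdict}")
```

The first case is the setup from the question: the connection reaches somefoo.example.com through the CNAME, but the wildcard certificate is still rejected because the check uses www.somefoo.com.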