1

I was looking at this blog and SO question These things prefer to drop www from their websites. But if you are running a website on SSL and you drop www, won't you get a certificate error? I use wild card cert on all my websites. Few examples:

https://something.example.com

https://somethingelse.example.com

https://www.example.com (this is the website I want to drop www)

If I do that I will get a certificate error when I access the website any browser, how can I fix this?

Community
  • 1
Broken Link
  • 161
  • 2
  • 5
  • The SSL certificates I get from GoDaddy work on both www and non-www. Sometimes we receive SSL certs from other vendors that don't work this way, not sure why. – ceejayoz Mar 13 '12 at 17:22

2 Answers2

1

You need to have the non-www name as a valid subject name in your certificate. Many CAs will put example.com in the subject alternate names field when issuing a certificate for www.example.com (or for *.example.com, in the wildcard case), but it sounds like your certificate doesn't have this.

You likely need to obtain a new certificate to cover both names.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
1

Buy a certificate for example.com, and publish example.com on another IP.

A wildcard certificate for *.example.com will match any direct subdomain to example.com but never example.com itself, unless it's included as a SAN.

Alternatively, have users redirected to ssl.example.com or secure.example.com or alike, when they need encryption, and otherwise use example.com only over HTTP

An example: You run a blog or social site. Have content accessible on HTTP, but when users need access to login forms, settings pages or the likes, link to https://ssl.example.com/login.php

Mathias R. Jessen
  • 25,161
  • 4
  • 63
  • 95