0

I have a website (hosted by Amazon S3) which redirects example.com to www.example.com. I am setting up an Amazon CloudFront distribution for this website, and would like the same redirection to work for HTTPS. I believe I therefore need to secure both example.com and www.example.com.

I will be using free SSL certificates generated by AWS Certificate Manager. My first instinct is to create one certificate for each of example.com and www.example.com. However, are there any advantages to putting both example.com and www.example.com (or even example.com and *.example.com) on a single certificate?

user200783
  • 113
  • 6

2 Answers2

4

It's easier to maintain if you have one certificate, and there are no real downsides. You can put as many unrelated domains as you like on a certificate, so putting the www subdomain on seems fairly reasonable. Just use one certificate IMHO.

Tim
  • 31,888
  • 7
  • 52
  • 78
  • Thanks. Would you recommend adding just the `www` subdomain, or would you prefer a wildcard certificate (adding `*.example.com`)? Might the latter further ease maintenance, even though no other subdomains are currently being used (or planned for the near future)? – user200783 May 21 '16 at 03:49
  • If wildcard is easy I suggest you do that. – Tim May 21 '16 at 04:07
  • 3
    @user200783 If you have no plans to add more subdomains, then a wildcard cert would just be unnecessary expense. – Michael Hampton May 21 '16 at 07:16
  • 1
    @MichaelHampton - Certificates from AWS Certificate Manager [are free](https://aws.amazon.com/certificate-manager/faqs/#billing). This [includes wildcard certificates](https://aws.amazon.com/certificate-manager/faqs/#certificates). So, a certificate for `example.com` and `*.example.com` would cost no more than one for `example.com` and `www.example.com`. In this case, is there any reason to prefer the latter certificate over the wildcard one? – user200783 May 21 '16 at 12:02
  • No reason comes to mind, in the context of ACM. – Michael - sqlbot May 21 '16 at 12:55
0

These two domains ideally considered as one. So they do not need two various certificates.

At present, most of SSL certificates (Comodo, RapidSSL) support both WWW and Non-WWW version of domain name. So both version of your domain name example.com and www.example.com will be supported by HTTPS. Therefor you will have to set 301 redirection of example.com to www.example.com, so anyone types example.com then browser will redirect users to www.example.com

Gunjan Tripathi
  • 101
  • 1