3

We are a non profit and have been hosting an online site that accepts payments. It has been getting enough exposure now that we want to put an EV SSL certificate on the site. The question I have is does it make sense to put a cheap $10 cert on www.domain.com and redirect it to https://domain.com with the super fancy EV cert? unfortunately our marketing team has mixed www and non www in many forms so we need both to at least present an SSL. We wanted to purchase one from Digicert but they do not cover the alternative name.

I figured this would work but is there something I am missing and is this a common practice? Thanks!

stevo81989
  • 43
  • 2
  • 2
    In the end what you should do is forget this prehistoric "www" and update all your URLs to `https://domain.com`. –  Jan 16 '15 at 21:41
  • Agreed and we have! But when marketing prints tons of www.domain.com and users have that in their mind, nothing we can do – stevo81989 Jan 17 '15 at 01:22

1 Answers1

3

If you're always 30x redirecting from www.example.com to example.com, then yes, there's no reason this wouldn't work from a UX perspective. There's certainly nothing stopping it from working from a technical perspective.

It is also certainly common to mix DV (cheap) SSL certs for secondary domains (like CDN domains for example) with an EV cert for the domain the page loads from. The browser's green bar is determined by the cert used for the session for the page, and that cert alone. Beyond that, browsers only care whether or not all resources on the page are in fact loaded over HTTPS; they don't currently care whether or not the domains serving those resources present DV or EV certs, and there's no effect on the UX.

Xander
  • 35,525
  • 27
  • 113
  • 141