7

I have purchased an SSL certificate and I should be able to configure IIS 7 to use that certificate for both https://domainname and https://www.domainname

I have looked online but didn't find a solution so far. Is this possible to do? According to the company that issues SSL, a single SSL can be used in both cases.

Thank you

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
vikp
  • 277
  • 2
  • 4
  • 8

6 Answers6

6

If you have purchase a standard, single domain SSL certificate, then it will be for one domain, so you can only use it for domainname.com or www.domainname.com.

If you have purchased a wildcard or UCC certificate then it will allow either unlimited subdomains (in the case of a wildcard) or mulitple domains up to a certain number (in the case of UCC).

Sam Cogan
  • 38,158
  • 6
  • 77
  • 113
  • 4
    Don't know if it's the case here, but many CAs will issue a cert for both example.com and www.example.com even when you request just one or the other. – Chris S Jan 24 '11 at 18:14
  • 2
    Worth mentioning that a wildcard certificate that covers *.example.com will not cover example.com (but will cover www.example.com) in some browsers – Mark Henderson Jan 24 '11 at 21:26
  • True, and yes I should have mentioned that, some CAs will issue both in either 2 certs or a single UCC one. – Sam Cogan Jan 24 '11 at 22:07
3

It depends on how you have IIS configured. If you are certain the cert has both example.com and www.example.com in the SN and/or SAN then it will work for both, simple configure it in the bindings for the site(s). If you don't know how to configure the cert in the bindings section of IIS, then that's a wholely different problem.

Chris S
  • 77,337
  • 11
  • 120
  • 212
  • Hi, thank you for the reply. Yes, I have been looking at bindings, but IIS7 does not allow me to use the same certificate for two different domain names. – vikp Jan 24 '11 at 18:32
  • Can you be more specific as to how it is not allowing you to set the binding? – Chris S Jan 24 '11 at 19:21
0

As Chris S alluded to, just go with a Provider that will give you a Subject Name Alternative so both example.com and www.example.com can be used.

DigiCert's "SSL Plus" certificate offers this for example (not affiliated, but a customer).

Cheers

HTTP500
  • 4,827
  • 4
  • 22
  • 31
0

This is not an issue actually that is specific to IIS, but related to SSL certificates in general. According to this site (https://www.clickssl.net/blog/do-i-need-different-ssl-certificates-for-www-non-www-domain), GeoTrust allows you to buy a certificate that is for both www and no-www. You have to request it for www if you want that capability though.

Evan Donovan
  • 123
  • 5
-1

You should just buy one for either example.com or www.example.com and redirect the other one to the one you decided to SSL

BenGC
  • 1,775
  • 15
  • 26
  • 3
    You cannot redirect one domain to another if it comes from the https protocol because first of all it checks if the certificate is valid, hence if there is no certificate for www.example.com - it will fail the check and the actual redirect (on server level) will not take place. – Alex Under May 22 '15 at 11:21
-1

You could direct website.com to www.website.com and use the SSL on www.website.com.

Calvin B.
  • 79
  • 1
  • 1
    Yes, that strategy works most of the time. However, it doesn't work if the user types in or has a bookmark for: https://website.com. The browser will display the security warning before the redirect occurs. – Shai Jan 06 '15 at 02:07