3

I am currently using single SSL cert (non-wild card) on www.example.com, what I found that even if I access the file without the www part, e.g. https://example.com/test.js

There is no browser warnings:

Questions:

  1. Is it supported by most browsers?
  2. Assume if both domains are supported, so in the Common Name field when creating the cert, should I put example.com or www.example.com?
Ryan
  • 5,341
  • 21
  • 71
  • 87
  • 3
    It's possible to create a cert for multiple names without using wild cards, by using `Subject Alternative Name`. This might be one of those, though it's impossible to tell without looking for it. I would strongly advise you to use SAN and thus have the cert valid for both sites; otherwise some users **will** get warnings. – Jenny D Apr 18 '13 at 10:12
  • We'd have to see the certificate to tell you what it supports. – David Schwartz Apr 18 '13 at 10:15
  • @JennyD, you are right. It is due to the `Subject Alternative Name`, but I havn't request this feature, seems auto created by Godaddy when issuing the cert? – Ryan Apr 18 '13 at 10:34
  • I suppose they're used to getting complaints from customers who didn't think about requesting it so they now do it as default... but you'd really have to ask them about that. In any case, I'll change that comment to an answer since it turned out to be one; I'd appreciate it if you could accept it. – Jenny D Apr 18 '13 at 10:37

2 Answers2

5

It's possible to create a cert for multiple names without using wild cards, by using Subject Alternative Name. This might be one of those, though it's impossible to tell without looking for it.

I would strongly advise you to use SAN and thus have the cert valid for both sites; otherwise some users will get warnings.

Jenny D
  • 27,358
  • 21
  • 74
  • 110
2

Most Certificate Authorities offer an additional SAN for the 2nd level domain, if you buy a domain for subject www.domain.tld.

That means you can just enroll a standard single-subject certificate, and they will issue the signed certificate with an entry in the "Subject Alternative Name"-field for domain.tld. Browsers will then trust the certificate with or without www. as @JennyD describes.

Ask your CA :-)

Mathias R. Jessen
  • 24,907
  • 4
  • 62
  • 95