Possible Duplicate:
How to have a certificate which works with both example.com and subdomain.example.com in IIS?
I've been looking for a solution to the following problem for a few days now. I have domain.com for which I have bought and installed a wildcard certificate so now I can provide secure access to www.domain.com or whatever.domain.com. This works. However, even though the application thar runs on these subdomains makes sure no one gets to visit an URL that doesn't contain at least www as the subdomain, you can still delete the www part. Once you do that no serverside redirects will help if you are on https because the browser will not fulfil the request because the wildcard ssl certificate will not cover the naked domain (domain.com)
So my question is this:
- Can I get a wildcard ssl from a provider that will also cover the naked domain? Is that even possible?
- If no for 1 above, if I purchase a basic SSL cert for domain.com will I be able to install it (Apache) on the same server and same IP as the wildcard one is installed on?
- If answer is No for both and 1 and 2 what are my options? I find it really annoying that securing a domain AND it's subdomains is that complicated :)
[EDIT]: Forgot to mention that of course I would prefer and option with no costs involved, but if that's not possible, then I guess I would prefer number 2 because the costs for a basic SSL cert are lower then for a new Wildcard one.
Thank you.
Yes, you can have more than one domain name covered by a certificate. It can be done with the "Subject Alternative Name" x509v3 extension:
Certificates issued by StartSSL do that automatically (with them, the difficult thing is not to have the top-level included)