: SSL Certification on both www and no-www domains We've got our website running and HTTPS / SSL works just great. EXCEPT: when users enter http://www.mydomain.com and then enter the secure area

@Kevin317

SSL, be default, covers one domain. In your case it's domain.com. Users who go to domain.com will see that error message as domain.com is not explicitly covered by that SSL certificate.

To over come this you can:

1) Get a wild card SSL certificate which covers subdomains in addition to the main domain. This is nice as it's flexible and let's you encrypt as many subdomains as you want but also a lot more expensive.

2) Redirect your users from domain.com to domain.com. Besides being easy to do and free, it's also smart usability as it gives your users a consistent URL to use (and see).

To do this in Apache you can put this in an .htaccess file in your root web directory:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(www.|$) [NC]
RewriteRule ^ www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Vote Up Vote Down

@Jessie594

By default, it does not. You have to buy a wild-card ssl certificate to get that working. You can also specify multiple hosts in the ssl certificate.

Another option is to always redirect to a canonical domain. In this case, it makes sense to redirect from domain.com to domain.com.

Vote Up Vote Down