Wild card certs and www.subdomain.domain.com

Question

I have a wild card cert set up for a client who has a lot of sites with sub-domains. Is there a way to somehow get AWS to redirect WWW.sub-domain.domain.com to sub-domain.domain.com so the cert if valid (I know wild card certs only support Subs, not sub-sub domains)?

Answer

You cannot do an HTTPS redirect like that - as the first TLS connection would still be to a URI that is not in the subject alternative names of the certificate.

If you have a domain structure as follows:

`www.sub-domain.domain.com, but also want to have a domain hosted at `sub-domain.domain.com`

Then the `www` portion is another sub-domain, so your certificate needs to include that as well. You wold therefore need a certificate containing at least the following names.

1. `sub-domain.domain.com`
2.  `www.sub-domain.domain.com`

And you are right - some browsers will support `*.*.domain.com` in subject alternate names (Chrome for instance), but many CAs will not allow you to issue a certificate like that - thus you can do the following.

`*.sub-domain.domain.com`
`*.other-sub-domain.domain.com`

Wild card certs and www.subdomain.domain.com

相关内容