Avoid SSL warning when certificate is issued for root domain only [duplicate]

apache-2.2 ssl-certificate

Solution 1:

No. The TLS protocol (and its obsolete predecessor, SSL) validates the certificate according to the host part of the URL, in this case the complete domain name, before any data is transferred. This is by design, and fulfils several security requirements.

You should get a certificate (it's not called "an SSL") issued for both your domain names; the feature used to do this is called subjectAlternativeName or SAN. Sometimes you can also get a wildcard certificate that includes both *.example.com and example.com.

Solution 2:

First off, most certificates should come with www already. I haven't heard of one that only is issued for the root domain. TLS actually checks the entire URL, not just the root domain, so a certificate for the root, without WWW, will be invalid if used on a WWW domain. Wildcard and EV certificates also exist, but those are much more expensive.

As to SSL certificates, have you considered using Let's Encrypt instead of buying the certificate outright? Let's Encrypt allows you to issue multiple certificates for any number of subdomains (up to 100) for free.

Related

How can I go back in the (GNU) screen command history? (NOT shell command history!)
apache mod_deflate doesn't work with IE 7
Reverse DNS record can't point to Domain name but it can point to IP [closed]
Visual Studio 2015 JSX/ES2015 syntax highlighting
How to get an input text value in JavaScript
How do I check if gcc is performing tail-recursion optimization?
How do you load a groovy file and execute it
Split a string using C++11
SQL MERGE statement to update data
Could not find Library.apk!
Node.js https pem error: routines:PEM_read_bio:no start line
Python - rolling functions for GroupBy object