Hacker News new | past | comments | ask | show | jobs | submit login

Typically a certificate issuer will grant you both when you buy a wildcard one.

This can be achieved via SAN (alternative names): http://en.wikipedia.org/wiki/Wildcard_certificate#Limitation




Comodo's been good to me in this regard.

Incidentally, beware of RapidSSL and their "free www." SAN; they only grant it in certain specific and undocumented circumstances.


With RapidSSL if you order a cert for www.domain.com then it will also cover domain.com. But if you order a cert for domain.com or sub.domain.com then it will NOT secure the www.domain.com.

So basically make sure your CSR request is for www.domain.com if you want to also secure the root domain.


Bizarrely, this only works for second-level domains however, and isn't disclosed in advance.

Really, CAs shouldn't be throwing in "free bonus" SANs without customer authorization ever. It would be much better to have a place to enter the SANs, or a checkbox asking if I want "www." as well, or to apply to the parent also, or whatever. That would also make the process more apparent to the user in addition to being more secure.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: