How to fix SSL error when not using www

views:

481

answers:

How to fix SSL error when not using www

My website has a SSL certificate for www.reallygreattoys.com. If you try to go to the site with https://reallygreattoys.com (no www), it gives you the untrusted connection message. Putting code in global.asax to redirect it does not work. I have code that works just fine for non https, but I suspect the certificate check happens before code in Application_BeginRequest in global.asax is run.

I don't know enough about certificates, but really why doesn't it work with or without the www. Is there a way I can fix it at the certificate level?

FYI - this is ASP.NET 1.1

+2 A:

There's no code change you can take on the server to resolve this.

Your best bet is to get a certificate with the "www-less" version of the sitename specified as the SubjectAltName. GoDaddy will do this automatically for the basic SSL cert charge (about 20$).

See https://www.fiddler2.com, for instance. Examine the certificate properties, and you'll see that it's good for "fiddler2.com" and "www.fiddler2.com".

EricLaw -MSFT- 2009-09-30 03:34:01

Thanks Eric. What you say is backed up here: http://allben.net/post/2009/02/01/SSL-Certificate-for-WWW-and-no-WWW.aspx Although godaddy's phone support had no idea what this was, it appears they do this automatically. That you for helping with this.

Scott 2009-09-30 18:41:33

This does happen before it hits the Asp.Net runtime.

This post on a sister site (serverfault.com) may hold your answer.

http://serverfault.com/questions/66708/iis-6-setting-up-301-redirect-for-non-www-to-www-for-seo

Or you can buy a new certificate.
I'm sure there are other answers as well. I would start at serverfault.com, however, as this is not a programming related issue,

David Stratton 2009-09-30 03:34:51

ansaurus

tags:

views:

answers:

How to fix SSL error when not using www

related questions