如果所有子域都指向网站根目录，则必须使用通配符SSL证书

Question

I am completely new to SSL certificates and need to purchase one pretty soon. There seems to be a huge price increase when sub-domains come into play.

My question is this:

I have my site set up so that username.domain.com is rewritten via htaccess to domain.com?user=username

If I have my web site set up so that all sub-domains are virtual and point to the same location, do I need to buy a wild-card SSL Cert?

Answer 1

If you want the user to be able to view your site by visiting https://username.domain.com and browse under that same domain (meaning they'll always be making requests to https://username.domain.com ), then you're going to need a wildcard SSL certificate. If you just have an SSL certificate installed for domain.com, then the request will not have the chance to get rewritten by your server. The browser will throw a security exception first, since the domain on the certificate does not match the domain being viewed.

If you don't mind having your users browse your site at https ://domain.com?user=username, then you could have them first visit http ://username.domain.com and then redirect them to https ://domain.com?user=username. Then all secure browsing would have to take place under https://domain.com , and that would eliminate the need for a wildcard certificate.

When you go to purchase your SSL certificate, I would recommend asking for tech support and running your scenario by them. I've found Digicert to be very helpful in this regard (and no I do not have any affiliation with them other than being a customer), but I'm fairly certain they will confirm that you need a wildcard certificate.