cert handling on redirect of https subdomains

Igor Sysoev is at rambler-co.ru
Fri Sep 12 15:08:20 MSD 2008

On Fri, Sep 12, 2008 at 12:35:29PM +0300, Reinis Rozitis wrote:

> >Interesting.  The reason for the limitation makes more sense now.  But why 
> >do the first *two* virtual domains (example.com and www.example.com) work?
> Usually the signed SSL cert contains both domains (Common Name) eg the 
> short example.com and the long www.example.com (at least GoDaddy always 
> adds both even you dont specify that).
> So basically you get a simple wilcard certificate...( to look up what 
> Common Names you have 'openssl x509 -in filename.crt -noout -text' )

You may be right.

However, I believe GoDaddy is pleasing exception: they use such certificate
even on own site. Contrariwise, https://verisign.com and https://thawte.com
present www.* certificate versions.

Igor Sysoev

More information about the nginx mailing list