SSL – Do I need wildcard SSL for the www subdomain

apache-2.2 ssl ssl-certificate

I own example.com, example.net, and example.biz.

I use Apache to rewrite example.net and example.biz to example.com.

Based on this rewriting, it is my understanding that I would only need a certificate for example.com, and not example.net and example.biz. Please confirm.

I am using sub-directories and not sub-domains to structure my site.

The one exception is the www sub-domain.

If I want SSL for both example.com as well as www.example.com, do I need either two certificates or a wildcard certificate?

Would you recommend rewriting one of these domains to the other, and just using a single certificate? If so, which one would you recommend using, and why?

Best Answer

If you want a certificate to handle example.com and www.example.com, you should NOT use a wildcard certificate, because *.example.com does not match example.com. Instead, you need a certificate which has something like example.com as the common name, and then add www.example.com to the subject alternative names.

Also, if you want https://example.net or https://example.biz to redirect to https://example.com, you need to add both of these host names (and maybe the corresponding www.example.* too) to the subject alternative names as well, because the redirection occurs only after the TLS handshake and certificate verification. Otherwise the browser will complain about invalid certificates, and the redirect will only be effective after the user has overridden these warnings.
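
The matching rule behind the answer above, as an added example that is not part of the original answer: a simplified RFC 6125 style matcher that reports which HTTPS host names a given set of certificate names leaves uncovered. The function names and the three name lists are constructed for illustration, and partial wildcards such as `w*.example.com` are rejected outright as a simplifying assumption.

```python
# Added example: simplified certificate name matching, not a full validator.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate dNSName entry covers the host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must be
    # equal. This is why *.example.com (3 labels) misses example.com (2).
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only a whole left-most label may be a wildcard, and never directly
        # above a top-level domain (so "*.com" is refused).
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    # Assumption: any other use of "*" (partial wildcard) is rejected.
    return "*" not in pattern and p_labels == h_labels


def uncovered(cert_names, hosts):
    """Return the hosts for which the browser would show a certificate warning."""
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample data: every host name from the question that should
# answer on HTTPS, including the two that only redirect.
HTTPS_HOSTS = ["example.com", "www.example.com", "example.net", "example.biz"]

# Three candidate certificates, described by their subject alternative names.
WILDCARD_ONLY = ["*.example.com"]
SAN_MAIN_SITE = ["example.com", "www.example.com"]
SAN_ALL = SAN_MAIN_SITE + ["example.net", "example.biz"]

if __name__ == "__main__":
    for label, names in [("wildcard only", WILDCARD_ONLY),
                         ("SAN, main site", SAN_MAIN_SITE),
                         ("SAN, all hosts", SAN_ALL)]:
        print(f"{label:15} uncovered: {uncovered(names, HTTPS_HOSTS)}")
```

Any host listed as uncovered fails certificate verification during the TLS handshake, so the Apache rewrite for it is never reached.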