I am trying to set up SSL for the first time. I purchased my domain and SSL certificate from Gandi.net. Their docs say
subdomain.example.com indicates the subdomain that you want to protect. This is the most important part. If you have a single-address certificate to activate, you should put in the full subdomain (e.g. foo.example.com). The www subdomain is added automatically by the CA, for example, example.com will secure both example.com and www.example.com. If you have a wildcard certificate, you should put in a * for the subdomain (e.g. *.example.com). Wildcard certificates also secure the raw domain (with no subdomain). - http://wiki.gandi.net/en/ssl/csr
I am hosting my app on Heroku and their docs say:
The Common Name field must match the secure domain. You cannot purchase a certificate for the root domain, e.g., example.com, and expect to secure www.example.com. The inverse is also true. Additionally, SSL Endpoint only supports one certificate per app. Please keep this in mind for multi-domain applications and specify a Common Domain that matches all required domains. - https://devcenter.heroku.com/articles/ssl-endpoint#acquire-ssl-certificate
These seem to conflict. Please advise!
No. If you have a non-www and fully-qualified domain name (FQDN) of the same domain, a single domain (standard) SSL certificate would be enough to cover both. However, if you have multiple subdomains that you need to cover, then you need a wildcard SSL certificate.
An SSL/TLS wildcard certificate is a single certificate with a wildcard character (*) in the domain name field. This allows the certificate to secure multiple subdomain names (hosts) pertaining to the same base domain. For example, a wildcard certificate for *.(domainname).com could be used for www.
When you generate a CSR, most server software asks for the following information: common name (e.g., www.example.com), organization name and location (country, state/province, city/town), key type (typically RSA), and key size (2048-bit minimum).
CSR (Certificate Signing Request) is basically general information sent to the Certificate Authority who will be validating your order and issuing the certificate. It contains reference about your company, its address and, most importantly, the domain name behind your online business.
You'll want to get a certificate from an authority that supports the Subject Alternate Name X.509 extension.
This will let you get a domain with its Common Name set to www.mydomain.com, and an Alternate Name set to mydomain.com (as Lloeki noted, you should provide both names as alternate names).
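The name check a TLS client applies to the certificate's alternate names, as an added example (not code from any answer here, nor from Gandi or Heroku). It is a simplified version of the RFC 6125 rules; the SAN lists and the function names are constructed for illustration.

```python
def name_matches(pattern: str, host: str) -> bool:
    """Match one dNSName entry against a hostname (simplified RFC 6125 rules)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard stands for exactly one label, never zero and never two.
        return False
    if p_labels[0] == "*":
        # Wildcard is honoured only as the entire leftmost label, and only
        # above a registrable-looking suffix (so "*.com" is rejected).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.example.com" are not accepted here.
    return "*" not in pattern and p_labels == h_labels


def covers(san_dns_names, host: str) -> bool:
    """True if any alternate name in the certificate matches the host."""
    return any(name_matches(name, host) for name in san_dns_names)


def coverage_report(san_dns_names, hosts):
    """Map each hostname to whether the certificate would be accepted for it."""
    return {host: covers(san_dns_names, host) for host in hosts}


# Constructed SAN lists for the cases discussed in this thread.
ROOT_ONLY = ["example.com"]                            # no www added
ROOT_AND_WWW = ["example.com", "www.example.com"]      # CA adds www as a SAN
WILDCARD_ONLY = ["*.example.com"]                      # wildcard, no bare domain
WILDCARD_PLUS_ROOT = ["*.example.com", "example.com"]  # CA adds the bare domain

HOSTS = ["example.com", "www.example.com", "foo.example.com", "a.b.example.com"]

if __name__ == "__main__":
    cases = [
        ("root only", ROOT_ONLY),
        ("root + www", ROOT_AND_WWW),
        ("wildcard only", WILDCARD_ONLY),
        ("wildcard + root", WILDCARD_PLUS_ROOT),
    ]
    for label, sans in cases:
        print(label, coverage_report(sans, HOSTS))
```

To see which names an issued certificate actually carries, `openssl x509 -in cert.pem -noout -text` prints the Subject Alternative Name extension (`cert.pem` is a placeholder file name).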
It depends on which Certificate Authority (CA) you have chosen to purchase the certificate from. Some of them provide an alternate domain name including "www" as an option; some of them do not.
As you have written above:
I am hosting my app on Heroku and their docs say:
The Common Name field must match the secure domain. You cannot purchase a certificate for the root domain, e.g., example.com, and expect to secure www.example.com. The inverse is also true. Additionally, SSL Endpoint only supports one certificate per app. Please keep this in mind for multi-domain applications and specify a Common Domain that matches all required domains. - https://devcenter.heroku.com/articles/ssl-endpoint#acquire-ssl-certificate
It is true, because yourdomain.com and www.yourdomain.com are considered different domains (multi-domain), and your certificate has to be trusted to recognize both of them. So before generating the CSR string, please attentively read the requirements for the CSR string and the features provided by the CA.