Not sure whether you need a separate SSL certificate for WWW domains and those without the WWW? The answer is no, you don’t. But, admittedly, this is a confusing topic. That’s largely owing to the fact that URL structure is a foreign concept to many people. So, just to reiterate, you do not need a different SSL certificate for WWW and non-WWW domains.
Now, let’s talk about why I don’t need an SSL certificate for WWW and without WWW in the domain name.
Why You Don’t Need Separate SSL Certificate for WWW and Without
To put it simply, WWW is a subdomain. Let’s start with what subdomains are. In a URL, the subdomain exists directly in front of the fully qualified domain name, or FQDN. Subdomains look like this:
Nowadays, we use subdomains a bit differently. WWW is a subdomain from another era. It’s kind of like the plot from the film Encino Man, except Brendan Fraser is played by an archaic alias from the prehistoric days of the internet. And there is no Paulie Shore. Which, frankly, is probably an improvement, bud-dy.
You see, contrary to popular belief, the internet and the worldwide web (WWW) are not the same thing. The worldwide web is a subset of the internet. Early on, in the primitive days of the internet — back in the 1990s — it was common to assign a domain name alias to servers for common function like email (SMTP) or file transfers (FTP), etc. WWW is one of those aliases — it denoted website functionality.
That’s obviously no longer the case. But, like a persistent malware infection — WWW is hard to kill. While many websites have dropped the WWW, many others still use it. And lots of websites use both. WWW is probably never going to completely go away. So maybe the malware was a poor comparison.
Anyway, certificate authorities (CAs) know how the internet is still split between WWW and non-WWW iterations, which means a lot of their customers need their SSL certificates to cover both. And they do.
When you create the certificate signing request (CSR) for your SSL certificate, simply list the other version of your site, either the WWW or non-WWW, in the Subject Alternative Name (SAN) field — whichever version you didn’t use in the FQDN fields.
Some CAs will even issue the certificate for both versions if you don’t list them in the CSR. But it’s best not to take any chances and list them anyway.
And if your CA won’t issue you a certificate that covers both — call us. We know some CAs who will, and we guarantee they’ll be less expensive than what you’re paying for now.
Learn About the Different Types of SSL Certificates
There’s a lot to know about SSL certificates and their validation levels. We’ve got you covered.