Batu69

Posted October 28, 2016

A recent thread on Twitter highlighted a field test flag in the Chromium project that attempts to handle HTTPS errors on base domains. Essentially, if you visit https://securedomain.com and the certificate is only for https://www.securedomain.com, Chrome will detect this and automatically redirect the user to the www domain without showing an error.

Interesting. Chrome recognizes https ://onlineservices.nsdl.com has a cert valid only for www and redirects to https://www... @Scott_Helme — @_anandbhat

In his example, visiting https://onlineservices.nsdl.com resulted in Chrome redirecting him to https://www.onlineservices.nsdl.com because the non-www did not have a valid certificate. The redirect only happens when a valid certificate is found on www.

You can see in this tweet it is Chrome itself doing the redirect.

@Garyw_ @Scott_Helme @_anandbhat Seems to be Chrome itself

The behaviour was confirmed by Adrienne Porter Felt, who works on the Chrome usability team.

— @aidantwoods @davbo the original cert is ignored completely bc it is invalid. chrome issues a new request to the WWW sub to see if it has a valid cert. — @__apf__

This could be useful for end-users frustrated with HTTPS errors due to poor server configuration. However, it could give lax administrators who do a quick test in Chrome the false sense that a certificate is correctly configured. IE, Edge and Firefox may not implement this feature, which could result in a much different user experience.

It seems the flag SSLCommonNameMismatchHandling is currently only in the Chrome Canary pre-release browser.

All certificates purchased from Servertastic with the www prefix on the base domain also secure the base domain at no extra cost.
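An added example (not from the article or the Chromium project): a check an administrator can run instead of relying on a quick browser test, classifying whether a certificate's SAN entries cover both the base domain and its www host. The function names and the SAN lists are assumptions made for illustration; `fetch_san` needs network access and is not used by the sample run.

```python
import socket
import ssl

def _matches(pattern, host):
    """Match one SAN dNSName against a hostname. A wildcard is accepted
    only as the entire left-most label, with two or more labels after it."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(san_dns, host):
    return any(_matches(entry, host) for entry in san_dns)

def audit(base, san_dns):
    """Classify SAN coverage for `base` and `www.<base>`."""
    base_ok = covers(san_dns, base)
    www_ok = covers(san_dns, "www." + base)
    if base_ok and www_ok:
        return "ok"
    if www_ok:
        # The article's case: Chrome's www fallback would hide this,
        # a browser without the fallback reports a name mismatch.
        return "base-mismatch"
    return "www-mismatch" if base_ok else "no-match"

def fetch_san(host, port=443, timeout=5):
    """Return the dNSName entries the server presents for `host`.
    The chain is still validated; only the hostname check is deferred
    so that a mismatched certificate can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Constructed SAN lists (not taken from any real certificate).
SAMPLES = {
    "www only": ["www.securedomain.com"],
    "wildcard only": ["*.securedomain.com"],
    "both names": ["securedomain.com", "www.securedomain.com"],
}

if __name__ == "__main__":
    for label, san in SAMPLES.items():
        print(f"{label:14} -> {audit('securedomain.com', san)}")
```

Against a live host, `audit(base, fetch_san(base))` gives the same classification for the certificate actually served on the base domain.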