[thelist] eCommerce / Secure Cert / domain path question

Brian White - WebHostingSolutions.com bwhite at webhostingsolutions.com
Sun Jul 18 15:58:22 CDT 2010

>>>A client has website abc; wishes to add abc/some_other_service and 
>>>perhaps abc/some_otherservice2
>>>The subservices will operate, appear to operate independently. 
>>>Because it's all living under the shadow of www.abc.com will the 
>>>secure certificate implemented for www.abc.com work with the 
>>>subservices?  Assume that the subservices will have a different 
>>>look/feel, but any dollars generated end up in the same pockets.
>>>Bob Meetin
>>>dotted i
>>>303-926-0167 (home/business)
>>If the secure certificate was purchased for abc.com, then yes, 
>>anything under/trailing abc.com can be secure, as long as the links 
>>begin with https and of course include abc.com as the qualified 
>>domain in the URL.
>==>>>> To be clear, cert for abc.com works for https:://abc.com, not for
>https://www.abc.com/.  And a wildcard cert for *.abc.com does not work for
>http://abc.com/ (but *.abc.com works).  And cert for www.abc.com only works
>for https://www.abc.com, not https://abc.com. <<<<==
>Thanks, yes I'm reading all the messages including the ones that 
>came after this.  Am I understand this and the following threads 
>correctly?  Although subfolders would be secured we would still need 
>to cover the various user connection methods?
>We purchase a certificate for www.abc.com, so
>are covered, but not:

No. If you purchase a secure cert that allows for use both with and 
without "www", you're all set.

>If we set up redirection in the .htaccess so that:
>are all redirected to http://www.abc.com, will that cover the 
>problem?  Otherwise, would the GlobalSign handle this? This is just 
>a bit confusing.

Yes, the Globalsign certs that we resell can handle that. There needs 
to be the proper setup on the server as well, but it shouldn't 
present a problem in most situations.

>Another option I hadn't considered would be to set up a single 
>master payment type website so that all payments get redirected.

That's more of a "how to do business" question than a technical one. 
When you first mentioned that the different services under the same 
domain would "operate independently", I wondered why they'd want to 
use the same domain on the purchase page for the otherwise 
"independent" services. How to explain that to customers looking to 
buy something on the Web site and then being taken to a different 
domain for checkout?

If you do get one domain to handle only the purchase/checkout 
process, you'd still want to at least try to make some kind of 
connection between the businesses/services, otherwise it would be 
best for each one to have its own checkout page/domain.

>Bob Meetin
>dotted i
>303-926-0167 (home/business)


Brian White
President - WebHostingSolutions.com
"Because Every Click Is A Customer"
Web Hosting \ Web Design \ E-Commerce
Please follow us on our 

More information about the thelist mailing list