SSL Certificate error?

[jmp04]

Your site appears to work with the www on it now on the secure pages ... are you still having problems?

NOTE: I do get the failure if I remove the www from the secure URL ...

Oh and yes i still am getting the error on my fresh install of IE8, heart have said they cant replicate it at their end at all. I have a feeling it may be an initial IE install error, as i DO NOT have updates on them.

[Vger]

As I said I have looked at your site using my iE8 and I don't see an error. But in answer to your previous question:

1. Your SSL Certificate should be valid for both yourdomain.com and for www.yourdomain.com

2. If someone goes to https://yourdomain.com then they should see your website and it should use your SSL Certificate, and not the servers SSL Certificate.

I suspect that there is no A Record for 'yourdomain.com' or else your SSL Certificate is only linked to www.yourdomain.com

Either way you need to get your hosts to sort it out.

I suppose it is just possible that your Geo Trust SSL Certificate is only valid for www.yourdomain.com and not for yourdomain.com - but if that's the case then you were badly advised in buying it and should have purchased Comodo instead.

Vger

[jmp04]

As I said I have looked at your site using my iE8 and I don't see an error. But in answer to your previous question:

1. Your SSL Certificate should be valid for both yourdomain.com and for www.yourdomain.com

2. If someone goes to https://yourdomain.com then they should see your website and it should use your SSL Certificate, and not the servers SSL Certificate.

I suspect that there is no A Record for 'yourdomain.com' or else your SSL Certificate is only linked to www.yourdomain.com

Either way you need to get your hosts to sort it out.

I suppose it is just possible that your Geo Trust SSL Certificate is only valid for www.yourdomain.com and not for yourdomain.com - but if that's the case then you were badly advised in buying it and should have purchased Comodo instead.

Vger

I asked the guys if it was valid for both www.mydomain.co.uk and mydomain.co.uk and got the following answer:

Thanks for your reply,

No, an SSL is valid only for a single subdomain, in this case 'www' - which is why the IP address for the www sub-domain was changed.

I have a .htaccess file thats making sure everything connects to the www.mydomain.co.uk thats in the root zencart install, should i copy this file into each subdirectory ?

Also i was thinking of getting a comodo one but heart REFUSED to give me the code needed to apply and gain an SSL elsewhere, as if id have gone to geotrust straight away itd have cost about 15% less, bit annoying but nothing i can do now. (im pretty sure thats against anti-competition law tbh)

[Vger]

Unfortunately your redirect to www.yourdomain.com cannot possibly work for https addresses, because if people go to just https://yourdomain.com they end up connecting to the server and not your website, see the servers SSL Certificate, get a warning, and even if they elect to proceed they end up with a "403 Forbidden" error. This is a crazy setup.

It's not just Comodo which now covers both addresses, even very cheap SSL Certificates cover both - so Geo Trust is the exception to the rule - and when your hosts say that SSL is only valid for a single subdomain they are talking only about the Geo Trust certificate they installed.

Up until 3 years ago we used to buy Geo Trust SSLs for our customers, but switched to Comodo because Geo Trust's Support was so appalling. There is no Geo Trust Support outside of USA office hours or on USA Public Holidays - they forget that their products are sold all around the world.

Vger

[jmp04]

Unfortunately your redirect to www.yourdomain.com cannot possibly work for https addresses, because if people go to just https://yourdomain.com they end up connecting to the server and not your website, see the servers SSL Certificate, get a warning, and even if they elect to proceed they end up with a "403 Forbidden" error. This is a crazy setup.

It's not just Comodo which now covers both addresses, even very cheap SSL Certificates cover both - so Geo Trust is the exception to the rule - and when your hosts say that SSL is only valid for a single subdomain they are talking only about the Geo Trust certificate they installed.

Up until 3 years ago we used to buy Geo Trust SSLs for our customers, but switched to Comodo because Geo Trust's Support was so appalling. There is no Geo Trust Support outside of USA office hours or on USA Public Holidays - they forget that their products are sold all around the world.

Vger

they shouldnt end up ever going to the http://mydomain.co.uk if theres a redirect on the main page to the www.mydomain.co.uk, and should always stay on that subdomain shouldnt they ?

Seen as though im in contract, ill shop around in afew months time and look elsewhere for my hosting and certificate i think.

[Vger]

they shouldnt end up ever going to the http://mydomain.co.uk

That address isn't a problem, it's https://mydomain.com which is the problem. I agree that people shouldn't go there, but some people will and it's simply not acceptable that they end up on a server page when they do.

Your solution is partly correct. I say "partly" because I don't see the point in putting up with something substandard to save some money when sticking with it over a period of months could cost you more in lost business.

Vger