Do I need a SSL certificate for a domain if it redirects?

0
votes

If www.example.com redirects to example.com, do I need to have a SSL certificate for www.example.com?

I'm asking because I'm renewing SSL certificates for my business and would need to buy new certificates for the www domain and don't want to expend the extra cost if it's unnecessary.

More specifically, my load balance layer is NGINX and www.example.com is rewritten to https://example.com/{params}

2
sslnginx
possible duplicate of SSL Certificates and RedirectionSteffen Ullrich
There is no such thing as 'an SSL'. Your question is about SSL certificates.user207421

2 Answers

0
votes

Generally www is included in the standard certificates. If not, you will have to buy a * (star) certificate.

0
votes

Yes, even if you are only redirecting – SSL protocol will work the same way. Browser will expect a signed SSL certificate from the first host, before it gets redirected to your real web server.

The reason is simple – browser established SSL connection first, only then sends request and realises the resource has been redirected.

However, most commercial SSL certificates work for domain.com and www.domain.com simultaneously, meaning you can install the same certificate on your redirect host and your destination web server.