On 05/19/2010 02:02 PM, Zack Colgan wrote:
> The problem you are running into is that SSL sessions are negotiated
> prior to the browser sending the virtual host name, so there is no
> opportunity to redirect the client to the www URL before it's too late.
> Aside from purchasing a second SSL certificate for the plain domain
> name or getting a wildcard certificate to cover both

Unless your HTTPD supports SNI, a second certificate alone isn't going to do you any good. AFAIK, under CentOS 5, there is only one solution to this problem: a certificate with multiple alt-names (or wildcard). SNI should be a feature of RHEL 6. I believe that it's been available in Fedora since release 11.

There is a configuration where a second cert will work, but you'd need an additional IP. If you run "domainname.com" on one IP with a matching cert and "www.domainname.com" on a separate IP with its matching cert, users won't get errors. Two certs will usually cost more than one cert with an alt-name, but less than throwing away your old cert to get a new cert with both names.
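
The two-IP arrangement described in the reply above, sketched as an Apache httpd configuration. This is an added example, not part of the original message; the addresses (192.0.2.10 and 192.0.2.11, from the documentation range), the certificate and key paths, the document root, and the redirect on the bare-domain host are assumptions.

```apache
# Added example, not from the original thread. Addresses and file paths
# are placeholders; DNS must point each name at its own address.

# Omit this line if a Listen 443 is already present elsewhere in the config.
Listen 443

# IP-based virtual hosts: httpd picks the vhost (and so the certificate)
# from the destination address, before the TLS handshake. No SNI needed.

# Bare domain on its own IP, with a certificate issued for domainname.com.
<VirtualHost 192.0.2.10:443>
    ServerName domainname.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/domainname.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/domainname.com.key
    # The handshake already succeeded with a matching certificate, so the
    # redirect reaches the browser without a name-mismatch warning.
    Redirect permanent / https://www.domainname.com/
</VirtualHost>

# www name on a second IP, with a certificate issued for www.domainname.com.
<VirtualHost 192.0.2.11:443>
    ServerName www.domainname.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.domainname.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.domainname.com.key
    DocumentRoot /var/www/html
</VirtualHost>
```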