> I think that I am going to push at management that this is a non-issue
> and not worth wasting any more time and see what they might say.

I'd like to point out that the following sites don't work with https://domain.tld/

  amazon.com
  usbank.com
  redhat.com
  etrade.com

They all present certs for www.domain.tld. If your management feels that your sites would benefit greatly from this type of configuration while the above sites don't feel it to be necessary, I recommend that they try the same test on similar large sites, and if applicable, competitors' sites.

The most compatible way to do this is to have domain.tld and www.domain.tld resolve to different IP addresses, and have 2 certs, one for each name on their respective IP addresses.

TLS SNI can solve this with a single IP address in Fedora 12+ and RHEL 6+ (the latter of which doesn't exist yet) although this requires browser support of TLS SNI. Simply put, MS IE 6 doesn't support it, which is deeply entrenched in corporations. Firefox 2.0+ supports it as do other browsers.

As for the redirection, I would handle it with mod_rewrite as follows:

  <VirtualHost XXX.XXX.XXX.XXX:443>
      ServerName domain.tld
      # mod_rewrite has to be enabled in each virtual host that uses it
      RewriteEngine On
      # Redirect any request whose Host header is set but is not www.domain.tld
      RewriteCond %{HTTP_HOST} !^www\.domain\.tld$ [NC]
      RewriteCond %{HTTP_HOST} !^$
      RewriteRule ^/(.*) https://www.domain.tld/$1 [L,R=301]
  </VirtualHost>

Hope this helps.

Barry
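
To illustrate the three setups discussed in the message above, here is an added Python example (not part of the original post) that models which certificate the server presents and whether a browser with or without SNI accepts it for https://domain.tld/. The IP addresses, the first-vhost fallback rule and the wildcard case in `name_matches` are assumptions of this simplified model; the wildcard check goes beyond what the message covers.

```python
# Simplified model (constructed data): which certificate does the server present?

def name_matches(pattern, host):
    """Certificate name check; '*' covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def cert_covers(cert_names, host):
    return any(name_matches(n, host) for n in cert_names)

def presented_cert(vhosts, ip, sni):
    """vhosts: (ip, server_name, cert_names) tuples in config order.
    Assumption: without a matching SNI name the first vhost on the IP wins."""
    on_ip = [v for v in vhosts if v[0] == ip]
    for _, server_name, cert_names in on_ip:
        if sni is not None and server_name.lower() == sni.lower():
            return cert_names
    return on_ip[0][2]

def browser_accepts(vhosts, dns, host, client_has_sni):
    """True if the certificate seen during the handshake covers `host`.
    The handshake happens before any mod_rewrite redirect can be sent."""
    cert = presented_cert(vhosts, dns[host], host if client_has_sni else None)
    return cert_covers(cert, host)

WWW, APEX = ["www.domain.tld"], ["domain.tld"]
IP_A, IP_B = "192.0.2.1", "192.0.2.2"   # documentation addresses, constructed
ONE_CERT = [(IP_A, "www.domain.tld", WWW)]
TWO_IPS = [(IP_A, "www.domain.tld", WWW), (IP_B, "domain.tld", APEX)]
SNI_ONE_IP = [(IP_A, "www.domain.tld", WWW), (IP_A, "domain.tld", APEX)]
DNS_ONE = {"www.domain.tld": IP_A, "domain.tld": IP_A}
DNS_TWO = {"www.domain.tld": IP_A, "domain.tld": IP_B}

if __name__ == "__main__":
    setups = [("one cert, one IP", ONE_CERT, DNS_ONE),
              ("two certs, two IPs", TWO_IPS, DNS_TWO),
              ("two certs, one IP (SNI)", SNI_ONE_IP, DNS_ONE)]
    for label, vhosts, dns in setups:
        for sni in (True, False):
            ok = browser_accepts(vhosts, dns, "domain.tld", sni)
            print(f"{label:26} SNI client={sni!s:5} https://domain.tld/ ok={ok}")
```

Only the two-IP setup is accepted by both kinds of client; the single-IP SNI setup fails for a client that sends no server name, because it is handed the first virtual host's certificate.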