

Ask HN: Which SSL certificate - ikusalic

I want to secure a single site that redirects from bare domain to &#x27;www&#x27; subdomain. I&#x27;m assuming I need a SSL certificate with 2 names: example.com and www.example.com.<p>What CA and specific certificate would you recommend? The site does not deal with any payment or login data. So something cheep that is well supported in browsers would be preferable.
======
mattkrea
RapidSSL and PositiveSSL should be fine (personal preference is buying through
Namecheap) and if you buy the www.example.com cert it will support example.com
as well.

You may want to confirm that last bit with wherever you buy the cert--
Namecheap does this but I'm not sure if its universal.

~~~
ikusalic
Thanks. I'd actually prefer to by through Namecheap as well. I saw RapidSSL
and PositiveSSL certs, but I thought they are not suitable if I want both w/
and w/o 'www' subdomain.

So if I buy RapidSSL or PositiveSSL through Namecheap for www.example.com,
they will automatically come with example.com in SAN?

Also, why do they have "You also need to have a dedicated IP address" in the
requirements? Is this used somewhere in the validation process? I'm asking
because the website runs on top of AWS S3, so I do not have dedicated IPs.

~~~
dangrossman
> Also, why do they have "You also need to have a dedicated IP address" in the
> requirements?

Because a web server that hosts multiple secure websites needs a way to know
which of the certificates to use to encrypt a new incoming connection. The way
we disambiguate that is to give each website a different IP address. In short,
it's about the way SSL works, not anything to do with validation.

~~~
ikusalic
Thanks for the explanation. To my understanding, that's only necessary when I
actually use the certificate, not as the part of certificate validation. I
assumed the validation would happen with me setting some DNS record with
particular value they can validate or something similar.

