4 comments

[ 2.3 ms ] story [ 11.5 ms ] thread
Firefox gives this:

  The certificate is only valid for the following names:
  ieonline.microsoft.com , *.bing.com , *.windowssearch.com  
and https://www.bing.com has a different problem:

  The certificate is only valid for the following names:
  a248.e.akamai.net , *.akamaihd.net , *.akamaihd-staging.net  
The second is one I've seen a lot (https://npr.com/ for example) but that first one is odd. Does *.bing.com not cover bing.com?
No. Wildcard certificates do not cover the root domain name. I recently ran into this particular issue with our site, and we determined that the only viable alternatives are using an certificate with a "Subject Alternative Name" (an X.509 extension) to cover the root domain name, or to use multiple certificates.