Hi I currently have a web server running a *.example.com wildcard certificate from Network solutions, From what I understand *.example.com will serve anything except for the example.com as being trusted under SSL. The issue is visitors are hitting our site at https://example.com instead of https://www.example.com and getting a untrusted certificate warning or mismatch because example.com is not covered under the wild card right? So after speaking to network solutions they suggested that if I wanted https://example.com to be a valid trusted certificate I should rewrite the access of the users from https://example.com to https://www.example.com. So I came up with the following rule:

Options +FollowSymLinks
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

The rule works but I am still getting the untrusted cert error when I hit https://example.com. Can anyone chime in on what I can do to make https://example.com trusted rather than purchasing an entirely separate certificate? for "example.com"?

Thanks

Why are they hitting https://example.com instead of http://example.com in the first place?

Are they like specifically typing the "s" into their address bar?

win32sux, Thanks for the reply, I don't know why the PHP developers coded it in since we have a login block on our primary page. Is this bad design? Should a domain never be hit directly with https://example.com? If this is a requirement of the site, can the problem I described be resolved?

Then the fix should be easy: Have them edit the PHP code so that https://www.example.com is used instead of https://example.com and you're set. My guess is the login form is using that address.

Thanks win32sux will advise on this fix.