why can access https://www.xxx.com. but access https://xxx.com have ssl error

I have distribute a rails project.

The server is in linode (apache+passenger).

But i have strange question.

when i access my site use https://www.xxx.com . it can access normally.

But if i access https://xxx.com. it will be show a ssl error in page and need you

confirm the ssl error and then can goto the actual site.

Who can tell me how can resolve it?

Without to know the actual URL of the server it is not possible to check that, also you are missing what kind of error you get, so I can only guess that your certificate is for www.example.com and doesn’t include example . com without www.

I have distribute a rails project.

The server is in linode (apache+passenger).

But i have strange question.

when i access my site use <https://www.xxx.com> . it can access normally.

But if i access <https://xxx.com>. it will be show a ssl error in page and need you confirm the ssl error and then can goto the actual site.

Who can tell me how can resolve it?

Is your server configured to host in SSL mode? It's not just a matter of changing the URL in the browser, you have to have configured the server to listen on port 443, purchase and configure a security certificate in Apache or Nginx, and you have to configure Rails to serve in secure mode. For this last part, I really like the rack-ssl Gem.

Walter

Since it already works for one https-URL and not for the other one, I suggest that it is set up everythin to work with SSL, but the certificate is on the wrong URL (www.example.com instead of example.com + Subdomains)

Norbert Melzer wrote in post #1082257:

mhatch73 wrote in post #1082292:

Norbet is correct. You need to purchase a wildcard certificate to cover mutiple host names. if you purchased the cert for www.example.com, it is only good for that name. If you want to host mutiple names with the same certificate (provided they are in the same domain) you need to purchase a special certificate called a wild card certificate. This would cover xxx.example.com, yyy.exmple.com, example.com, etc.

As explained in the link I provided in an earlier reply, you don't necessarily have to use a wildcard certificate. It is possible to instead use the Subject Alternative Name (SAN) field in a regular (non-wildcard) certificate.

Here's that link again: http://www.digicert.com/subject-alternative-name-compatibility.htm

The difference with using SAN is that you are specifying only the names you want to be valid for the certificate (e.g. www.example.com and example.com). This certificate would not match xxx.example.com or yyy.example.com as a wildcard certificate would.

The SAN field is explained in detail here: http://www.digicert.com/subject-alternative-name.htm