by snowwrestler 2332 days ago
http://www.certera.io redirects properly to https://certera.io.

https://www.certera.io fails the certificate check.

It's a good example of the difficulty of getting TLS perfectly right.

In theory this setup is fine; the default behavior of all the browsers when typing "www.certera.io" is to interpret it as a request for http://www.certera.io.

But if the client has anything in place that automatically upgrades http to https before submitting the request, you're going to need a valid cert for the www subdomain in place or you'll throw a cert error before reaching the redirect.

Even if your site omits the www subdomain in production (as certera does), a lot of users will just type it in anyway. So, you better be ready to handle that request via https.

1 comments

You're spot on. I was aware of this limitation of GH pages and once I make money, I can start spending on actual hosting. I explained more above.
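The failure mode discussed in this thread, modelled as an added example that is not part of either comment: it works out which request a client sends first and whether the certificate check passes before any redirect can be served. The `example.com` names and SAN lists are constructed, and the function names are hypothetical.

```python
"""Does the first request for a typed hostname reach the redirect, or die at the cert check?"""

def san_matches(pattern, host):
    """RFC 6125-style match: '*' only as the whole left-most label, one label deep."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    suffix = p[1:]  # e.g. ".example.com"
    head = h[: -len(suffix)] if h.endswith(suffix) else ""
    return bool(head) and "." not in head

def cert_covers(sans, host):
    """True if any subjectAltName entry on the certificate matches the host."""
    return any(san_matches(s, host) for s in sans)

def first_request(typed, upgrades_to_https):
    """Return (scheme, host) of the first request sent for what the user typed."""
    if "://" in typed:
        scheme, rest = typed.split("://", 1)
    else:
        scheme, rest = "http", typed  # bare hostname defaults to http
    host = rest.split("/", 1)[0]
    if upgrades_to_https:  # any client-side http -> https upgrade
        scheme = "https"
    return scheme, host

def outcome(typed, upgrades_to_https, sans):
    """The TLS handshake happens before the server can answer with a redirect."""
    scheme, host = first_request(typed, upgrades_to_https)
    if scheme == "https" and not cert_covers(sans, host):
        return "certificate error before redirect"
    return "reaches redirect"

if __name__ == "__main__":
    # Constructed SAN lists: apex only, apex plus www, wildcard only.
    for sans in (["example.com"], ["example.com", "www.example.com"], ["*.example.com"]):
        for typed in ("example.com", "www.example.com"):
            for upgrade in (False, True):
                print(sans, typed, "upgrade" if upgrade else "plain", "->",
                      outcome(typed, upgrade, sans))
```

Note that a wildcard-only certificate has the opposite gap: it covers `www` but not the bare apex name.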