CNAME SSL certificates

Tag: ssl , dns , certificates , cname Author: ice_fir0416 Date: 2012-03-13

I'm a user I go to which has an image on the page that links to which is a CNAME for If I navigate to am I going to get the green lock? Even if does not have a certificate?

this a crafty question, but you won't circumvent ssl by proposing a dns CNAME entry. we see this at quite a lot, but the answer you are looking is the one below

Best Answer

Whether your DNS entry uses a CNAME or an A record doesn't matter. What matters is the host name the client is trying to connect to. It must match one of the Subject Alternative Names in the certificate of the server providing that resource (or, failing that, it must match the CN RDN of the cert's Subject DN).

If embeds an image to (providing both are served over HTTPS with valid certificates for each) and if there is no mixed content (no resource loaded over http://, that is no JavaScript, no image, no iframe, ...) then you should get the green/blue bar as appropriate.

If is a CNAME to and the requests are made to, this machine must present a certificate valid for to the client.