secured sub-domain

I read through the posts and saw some similar issues as the one I have, but I haven't seen this resolved, so I'm posting a new thread.

I have a working site with multiple ASP.NET apps running within sub-folders. I'm able to programmatically redirect to sub-domains (sub-folders) just fine on various http requests.

Recently one business process required the collection of personal information, and we purchased an SSL certificate to safely accomplish the task.

We wanted to restrict the secured area within one specific sub-domain and not apply the SSL certificate to the entire site, so we chose the common name secure.domain.com.

Now.. I can redirect a call to secure.domain.com to the sub-folder we've installed the app (domain.com/secure). However, the browser issues a client warning: "There is a problem with this website's security certificate." Because, literally, secure.domain.com is not the same as domain.com/secure.

I assumed (incorrectly, according to support) that the DNS record could be updated at the server to resolve secure.domain.com to domain.com/secure and our clients would not get a message that makes them wonder if we're a legitimately secured site.

I tried to add a CNAME record to make secure.domain.com an alias for domain.com/secure, but when I tried to set it up, the interface tells me that domain.com/secure is not a valid location. Does the UI for CNAME editing expect an absolute reference or ... ? Using a relative name is not working for me. I could find no documentation that explains how to accomplish what I need to do.

Any help would be appreciated.

- We do have unlimited sub-domains with unique IP
- Using IIS6 (can't try IIS7 rewrites and not going to attempt upgrade for now)

thanks,
tde

 

Hey Bruce,

So what he could have done is to match the common name to domain.com/secure?

I have a similar problem. But still not decided if subdomains will fix that.

 

You could get a wildcard certificate, which would match anything on the domain.