On Tue, Jul 28, 2015 at 3:44 PM, Vick Khera <vi...@khera.org> wrote:

> On Sun, Jul 26, 2015 at 10:31 PM, Ryan Coleman <ryan.cole...@cwis.biz>
> wrote:
> > I have an issue with Qualys: They ding my certification because I have
> > domain.com <http://domain.com/> on it and not www.domain.com
> > <http://www.domain.com/> (multi-site cert).
> >
> > That's not a reason to lower a score on security.
> >
> >
> The only way I can make sense of your sentence is that they are dinging you
> for having a certificate that does not match the name of the site you are
> visiting because one has "www." and the other does not. That seems to be
> reasonable for them to ding you.

Qualys *does* take off points if you have a certificate for your "bare"
domain name without it having "www" as an alternate name.  For example, a
certificate for 'example.com' that doesn't work for 'www.example.com' is
penalized, even if it is really only used for 'example.com'.

I believe that the reason they do this is because they assume that people
always have their sites set up so that www redirects to bare, bare
redirects to www, or both bare and www show the same content.  While this
may not always be true, it is an assumption that Qualys and many other
people make, so it is included in the grade.


Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732
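To see what the grading rule above actually tests for, here is an added example (not code from the thread, from Qualys, or from pfSense) that checks whether a certificate's Subject Alternative Names cover both the bare domain and its www. form, including the wildcard case the thread does not mention: a `*.example.com` entry covers `www.example.com` but never `example.com`, so a wildcard certificate still needs the bare name listed separately. The SAN lists and the `openssl`-style output embedded below are constructed samples, and the function names are this example's own.

```python
"""Check whether a certificate's dNSName SANs cover both 'example.com' and
'www.example.com'.  Added example; the SAN data below is constructed, not
taken from any real certificate or from Qualys' scanner."""
import re


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname, RFC 6125 style.

    Only a whole-label '*' in the left-most label is honoured, it matches
    exactly one label, and a wildcard directly under a TLD ('*.com') is
    rejected.  Comparison is case-insensitive and ignores a trailing dot.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False            # '*.example.com' cannot cover 'example.com'
    if "*" in p_labels[1:]:
        return False            # wildcard only allowed in the left-most label
    if p_labels[0] == "*" and len(p_labels) < 3:
        return False            # '*.com' is too broad to accept
    for p, h in zip(p_labels, h_labels):
        if p != "*" and p != h:
            return False
    return True


def covered(sans, hostname: str) -> bool:
    """True if any SAN entry in the list matches the hostname."""
    return any(name_matches(san, hostname) for san in sans)


def check_bare_and_www(sans, domain: str) -> dict:
    """Report which of the bare and www. names the SAN list covers.

    A scanner applying the rule discussed in the thread wants 'both' True.
    """
    bare = domain.lower().rstrip(".")
    www = "www." + bare
    result = {"bare": covered(sans, bare), "www": covered(sans, www)}
    result["both"] = result["bare"] and result["www"]
    return result


def parse_openssl_san(text: str):
    """Extract dNSName entries from the text printed by
    'openssl x509 -in cert.pem -noout -ext subjectAltName'."""
    return re.findall(r"DNS:([^,\s]+)", text)


# Constructed sample of the openssl output format (not a real certificate).
SAMPLE_OPENSSL_OUTPUT = """X509v3 Subject Alternative Name:
    DNS:example.com, DNS:www.example.com
"""

if __name__ == "__main__":
    cases = {
        "bare only":          ["example.com"],
        "bare + www":         ["example.com", "www.example.com"],
        "wildcard only":      ["*.example.com"],
        "wildcard + bare":    ["*.example.com", "example.com"],
        "from openssl text":  parse_openssl_san(SAMPLE_OPENSSL_OUTPUT),
    }
    for label, sans in cases.items():
        print(f"{label:18} {sans!s:40} -> {check_bare_and_www(sans, 'example.com')}")
```

Run it against a real certificate by feeding the output of `openssl x509 -in cert.pem -noout -ext subjectAltName` to `parse_openssl_san`; the "wildcard only" row is the case that surprises people, since the wildcard satisfies the www. side of the rule but not the bare side.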
pfSense mailing list