Does Your Security Certificate Cover Your Bare Domain?

No, this is not about a dress code violation. It’s about saving people from the worry of browser security warnings. You know the ones I’m talking about: “Warning: Your connection is not secure. Someone might be trying to steal your information or your sanity. The people who run this website clearly don’t care about you!”

(Insert the word “malicious” anywhere above for added effect.)

If something like this happened to you yesterday or today when you visited oberlin.edu, please understand that we DO care. We just had to have our bare domain properly certified.

A security certificate is one of the things that make browsing via https safer than using plain-old http. We got one for “www.oberlin.edu,” which has been working fine, but the certificate did not cover the bare “oberlin.edu” (without the www). We’ve all become used to treating the “www” part as optional; usually you get the same page whether you leave it on or off, and that’s the case with oberlin.edu. But to the certificate authorities, they are not the same.

You must be thinking, “Just go ahead and add ‘oberlin.edu’ to the certificate. Problem solved.” You’re funny! It turned out to be more complicated than that. If it weren’t for our friends in CIT who came to the rescue, we’d all still be wondering if it’s really safe to look at that bare domain.

Don’t worry. We’ve got it covered.

Add Your Comments

You must be logged in to comment.