Chrome testing HTTPS redirect when certificate hostname is invalid

Andy Gambles
Oct 27, 2016 · 2 min read

A recent thread on Twitter highlighted a field-test flag in the Chromium project that attempts to handle HTTPS errors on base domains.


Essentially, if you visit https://securedomain.com and the certificate is only valid for https://www.securedomain.com, Chrome will detect this and automatically redirect the user to the www domain without showing an error.

In his example, visiting https://onlineservices.nsdl.com resulted in Chrome redirecting him to https://www.onlineservices.nsdl.com because the non-www host did not have a valid certificate. The redirect only happens when a valid certificate is found on the www host.

You can see in this tweet that it is Chrome itself doing the redirect.

The behaviour was confirmed by Adrienne Porter Felt who works on the Chrome usability team.

This could be useful for end users frustrated with HTTPS errors caused by poor server configuration. However, it could give lax administrators who do a quick test in Chrome a false sense that a certificate is correctly configured. IE, Edge and Firefox may not implement this feature, which could result in a much different user experience.
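One way to check name coverage without relying on a browser test, given here as an added example that is not part of the original post: the functions below report whether a certificate's subjectAltName DNS entries cover both the base domain and its www host, and flag the case Chrome's redirect would hide. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, the function names are hypothetical, and only name matching is checked (not chain or expiry).

```python
"""Check whether a certificate names both the base domain and its www host."""

# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
WWW_ONLY = {"subjectAltName": (("DNS", "www.securedomain.com"),)}
BOTH = {"subjectAltName": (("DNS", "www.securedomain.com"),
                           ("DNS", "securedomain.com"))}
WILDCARD = {"subjectAltName": (("DNS", "*.securedomain.com"),)}


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN DNS name against a host name, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard stands for exactly one left-most label, so
        # *.securedomain.com never matches securedomain.com itself.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_dns_names(cert: dict) -> list:
    """Return the DNS entries of the certificate's subjectAltName."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def coverage(cert: dict, base: str) -> dict:
    """Report which of base and www.base the certificate is valid for."""
    names = san_dns_names(cert)
    return {host: any(name_matches(n, host) for n in names)
            for host in (base, "www." + base)}


def masked_by_redirect(cert: dict, base: str) -> bool:
    """True when the base host fails but www passes: the case the redirect hides."""
    result = coverage(cert, base)
    return not result[base] and result["www." + base]


if __name__ == "__main__":
    for label, cert in (("www only", WWW_ONLY), ("both", BOTH), ("wildcard", WILDCARD)):
        print(label, coverage(cert, "securedomain.com"),
              "masked:", masked_by_redirect(cert, "securedomain.com"))
```

A wildcard certificate falls into the same masked case as a www-only certificate, because the wildcard does not cover the bare base domain.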

It seems the flag SSLCommonNameMismatchHandling is currently only in the Chrome Canary pre-release browser.

All certificates purchased from Servertastic with the www prefix on the base domain also secure the base domain at no extra cost.

Servertastic

Stories from the world of servertastic.com
