

Chrome testing HTTPS redirect when certificate hostname is invalid

A recent thread on Twitter highlighted a field test flag in the Chromium project that attempts to handle HTTPS errors on base domains.

Essentially if you visit and the certificate is only for Chrome will detect this and automatically redirect the user to the www domain without showing an error.

In his example visiting resulted in Chrome redirecting him to because the non-www did not have a valid certificate. The redirect only happens when a valid certificate is found on www.

You can see in this tweet it is Chrome itself doing the redirect.

The behaviour was confirmed by Adrienne Porter Felt who works on the Chrome usability team.

This could be useful for end-users frustrated with HTTPS errors due to poor server configuration. However, it could give lax administrators who do a quick test in Chrome a false sense that a certificate is correctly configured. IE, Edge and Firefox may not implement this feature, which could result in a very different user experience.
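The check below is an added example, not code from the original post or from Chromium: it inspects the certificate served on the base domain and reports whether its DNS names cover the base domain, the www name, or both, so the result does not depend on which browser was used for testing. The sample certificates, `example.com` and all function names are constructed for illustration, and wildcard matching is simplified to a whole left-most `*` label.

```python
import socket
import ssl

def dns_sans(cert):
    """DNS subjectAltName entries from a dict shaped like SSLSocket.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def san_matches(pattern, host):
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # so *.example.com never covers example.com
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    return any(san_matches(s, host) for s in dns_sans(cert))

def audit(cert_for_base, base):
    """Classify the certificate served on the base domain."""
    on_base, on_www = covers(cert_for_base, base), covers(cert_for_base, "www." + base)
    if on_base and on_www:
        return "ok"
    if on_www:
        return "www-only"     # valid for www, mismatch on the base domain
    if on_base:
        return "base-only"
    return "neither"

def fetch_cert(host, port=443, timeout=5):
    """Fetch the served certificate. The chain is still verified; only the
    hostname check is off, so a mismatching certificate can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not taken from the page).
WWW_ONLY = {"subjectAltName": (("DNS", "www.example.com"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}
BOTH = {"subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com"))}

if __name__ == "__main__":
    for name, cert in [("www-only", WWW_ONLY), ("wildcard", WILDCARD), ("both", BOTH)]:
        print(name, "->", audit(cert, "example.com"))
```

Against a live site, `audit(fetch_cert(base), base)` applies the same classification to the certificate actually served on the base domain.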

It seems the flag SSLCommonNameMismatchHandling is currently only in the Chrome Canary pre-release browser.

All certificates purchased from Servertastic with the www prefix on the base domain also secure the base domain at no extra cost.



Andy Gambles

Tech, Web Security, Business, Marketing, Housing Board Director.