User wants to get to a secured page quickly without going through the site's internal navigation links. From the browser's Address bar they enter https://example.com/accounts/ and the Certificate returns an error code that when looked up indicates:
Error code: ssl error bad cert domain
The certificate was issued to www.example.com and indicates that example.com uses an invalid security certificate.I was hoping to be able to catch the request in the Application_BeginRequest event but the SSL error occurs before this. The only way that the Application_BeginRequest event is invoked is when the user clicks through the certificate error message to Proceed Anyway.
Here is an image of what to expect in Google Chrome.
The solution to this is simple but many System Admins prefer to have Dev implement a band-aid solution of redirecting traffic from the typical landing page. In other words look for a host request from example.com and redirect to http://www.example.com/ The true solution is to fix the certificate! Contact your SSL certificate provider and have them re-issue a certificate that includes a SubjectAlternativeName (SAN) entry. In our example this means theat traffic coming from either example.com or www.example.com would be correctly named and known to the certificate. In most cases the certificate authority's will do this at no additional cost. Lesson's learned!
In researching this issue it was a surprise to see that even Google has not fixed this issue yet! Again, no charge so fix it already!