An Important Update

Dear Followers Of This Blog ...

If you did not use a Blogger / Google account when you Followed this blog, years ago, you are probably not Following now . During the past...

Monday, November 02, 2015

SSL and the "www" alias of "blogspot.com"

Last month, we observed that SSL, though generally available for blogs published to "blogspot.com", did not work for all such blogs.

Owners of blogs who used the "www" alias of "blogspot.com", such as my BlogSpot mirror blog "https://blogger-status-for-real.blogspot.com/", reported annoying error messages, when trying to access the "www" alias of the blog, using SSL.
Your connection is not private

For my BlogSpot mirror blog, you'll see the problem, when viewing "https://www.blogger-status-for-real.blogspot.com/". The problem apparently involves the SSL certificate for "blogspot.com", which does not include the "www" aliase for the subdomains (such as "blogger-status-for-real.blogspot.com").

This month, Blogger decided to drop support for the "www" alias of "blogspot.com", when using SSL.

This means that you can have either SSL for your "blogspot.com" published blog - or you can let your blog be referenced using the "www" alias - but you cannot have both. "https://www.blogger-status-for-real.blogspot.com/" will simply not be available.


Nobody can access my test blog - without some scary decisions - and extra work.


A blog with an invalid certificate, when SSL access is attempted, can be accessed - but not using SSL. The browser, that the reader is using, will not connect to a website with an invalid certificate, using SSL.


The link to the blog is there - if you look for it. How many would be readers will willingly connect to the unsafe non SSL connection?


If the blog uses HSTS, instead of HTTPS, a connection will not be available, period.


This is my mirror blog. It, too, is not accessible using SSL.



My mirror blog, however, uses HSTS - and HSTS does not offer an insecure access option. Blogs which use HSTS won't be accessible, period, insecurely.


If you're going to offer SSL access to your blog, your readers won't be happy, using the "www" alias - if the alias works, at all.

Dude, hit me with a comment!