Don't be lazy when configuring security certificates
If you're going to offer a secure protocol to your users, don't do what CSA Australia did, as I indicated in an earlier post.
Don't configure your SSL certificate for your "www" subdomain and then just assume that your users will get to your website by typing in the "www" and that the webserver will automatically take care of the rest.
It won't.
If your webserver is configured to automatically redirect to your "www" subdomain when the user hasn't used specified the silly "dubya-dubya-dubya" prefix from your website address, then you must also change all your links to secure forms to explicitly use "https://www.", instead of "https://" as the prefix for those links.
Due to the large volume of spam, comments are disabled. If you have anything relevant to say, you can leave a comment via Twitter, or contact me directly.
About the author
I'm Ivan Lutrov and I'm the owner of Lutrov Interactive. I have 25 years of experience producing interactive work and I create cost effective business websites that are simple, engaging and easy to use. I practice what I preach and I say what I really think, even if it's sometimes not what you want to hear. Subscribe to the Lutrov Interactive feed via RSS and follow me on Twitter.