So, earlier today I was in a rush to get an SSL certificate so that I could continue with other things, and I wasn't very impressed at Comodo's lack of speed. However, they were quite thorough and certainly deserve praise for it! (Skip to the bottom if you know about SSL certificates already, as the middle stuff is all just explaining things.)
Now, to be perfectly honest, the entire security certificate industry is semi-shady... Technically, nobody ever needs to purchase a security certificate as they can create their own for free and they are EXACTLY the same. However, the industry puts great effort into getting their root certificates into the major browsers so that when one of the SSL certificates issued by them comes up, the user isn't presented with a popup that prompts them to accept it. This is the ONLY difference.
Now, pretty much everyone and their grandmother will go out and buy a certificate because they aren't that expensive compared to losing face from having an inconvenient popup for their customers. So, that's the entire dilemma. YOU can't get your SSL certificate into the major browsers, but for a fee, you can piggyback off of a company that will sell you one that links to THEIR root certificate.
The industry has gone to great lengths to create all sorts of new SSL certificates of various levels and blah blah blah blah blah... Technically, they're all the same. The only real difference is in how deep into you they look to find out if you are who you say you are. THAT is what the extended certificates bring to the table, and why they are so much more expensive; they require manual labour, and can't be done automatically.
Another thing the industry has done is to structure all of their businesses around single FQDNs (Fully Qualified Domain Names), and not just regular domains. What that means is, for example, that here at Renegade Minds if we want to have SSL for "ftp.renegademinds.com", "mail.renegademinds.com", "renegademinds.com" and "secure.renegademinds.com" then we need to pay 4 times, once for each of them instead of once for "*.renegademinds.com". Pretty clever trick to rake in the bucks, eh? You'd almost think that they're related to the telcos or banking & finance industries. ;) (Oooooo... that was vicious!)
Well, I applied for "renegademinds.com", but Comodo issued me an SSL certificate for both "renegademinds.com" and "www.renegademinds.com", which I thought was pretty decent of them to do, considering how things work. I guess there almost is such thing as a free lunch. Well, if you buy one other lunch first. ;)
Maybe this is common practice now in the industry, but never-the-less, I'm still very pleased that they take the initiative to include "www" along with the base, naked domain name. It's nice to have a company actually do something nice for their customers for a change.
Cheers!
P.S.
Oh, and if you want... You can read this blog post here:
https://renegademinds.com/Home/Blog/tabid/60/EntryID/149/Default.aspx
But all WWW requests like this:
https://www.renegademinds.com/Home/Blog/tabid/60/EntryID/149/Default.aspx
We don't use here. So, the WWW doesn't really matter much for us here... But hey! It's the thought that counts! :D