All websites are accessible via a domain name.
For example the University home page is accessible at www.adelaide.edu.au. You can also get to it by dropping the www, and just using adelaide.edu.au. Both names refer to the same server, or host. For the purposes of this discussion a website with its own domain name(s) is said to be served on a "virtual host".
When a website has secure content, the HTTPS protocol is used to serve those pages or files. Typically you are asked to log in before seeing the content, and at this point the first part of the address displayed in your browser switches from http:// to https://. When this happens your browser and the server exchange security certificates and establish an encrypted connection.
The web cluster for corporate sites uses a wildcard certificate that covers domain names of the form *.adelaide.edu.au. Strictly according to the standard covering SSL certificates, this doesn't cover names matching *.*.adelaide.edu.au.
However most browsers have a relaxed implementation in this respect and allow the single wildcard "*" to cover deeper levels of subdomains. IE6 raises a warning that is trivially dismissed, but IE7 and up give more dire looking errors.
Several steps have been taken to avoid this issue:
- All virtual hosts have dual configs to work with and without www.
- Links to log into a secure site automatically have www. stripped
- All links in HTML documents matching https://www.*.adelaide.edu.au have the www. stripped
- Creation of new subdomains is discouraged for public sites
If you have a website on a subdomain, a good workaround is to always refer to your website as <my-site-name>.adelaide.edu.au and never add the www prefix.
Virtual Hosts Not Using the University "adelaide.edu.au" Subdomain
For sites hosted by the University who are not using a *.adelaide.edu.au subdomain, secure connections cannot be used reliably. That is, if the site operates as sitename.org, or sitename.net, or another non-University URL then secure connections, e.g. intranet or restricted areas, may not be available.
Internet Explorer 7 does not provide any way to trust a certificate that doesn't match the parent domain (i.e. *.adelaide.edu.au) and therefore the University's certificate will not be able to cover the site.
The secure areas can be accessed by using Firefox to browse the site and setting it to add a permanent security exception. The responsibility for training any users who require access to the secure areas would lie with the site maintainers and cannot be undertaken by the Web Team.