I was able to solve this problem using IIS's rewrite feature. Turned out to be really easy to fix and we didn't have to purchase a new cert.

In Apache this is usually done with mod_rewrite:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Google for "rewrite URL IIS", you'll find some equivalents for IIS.

I did some testing on this on one of my servers and here is what I found.

We have a UCC certificate which will work for 5 domains. My 5 domains are

master mydomain.com

sub alt names: mysite.com myweb.com thissite.com www.thissite.com

The reason it is set up like that is because I didn't quite understand that it wanted www. when I made it.

So,

https://mydomain.com - works
https://www.mydomain.com - works
https://www.mysite.com - ERROR
https://mysite.com - works
https://thissite.com - works
https://www.thissite.com - works.

If you have a UCC cert (it seems you do) add a subject alternate name with the www on the domain in question. It will then work for both.

I went through all the steps of trying to redirect with .htaccess and server side scripting. But, hop is right, it will not do anything if you dont fix the cert.

You will likely have to drop a domain when you rekey your cert. Just remember which one you dropped and get a new cert for that one. I will forever and always REFUSE to buy UCC certs from now on. More problems than they are worth. 1 domain = 1 cert.

If your domain is making money then its worth the money, if your not making any money - do you really need the cert?

The only solution is to include the second domain in the certificate with a SubjectAlternativeName. Some certificate authorities will allow you to do this without extra cost.

Everything else would only happen after the ssl connection is established and therefor after the error is encountered by the user.

With HTTPS the ssl connection is negotiated before any of the HTTP headers are sent to the server, including the Host:-header that tells the server for which virtual host the request is actually intended.

HOP is correct with his answer. Owen also if we had the luxury of using IIS 7 as Rewrite rules similar to the mod_rewrite rule of Apache is now possible from within IIS.

After further investigation today together with our Network Admins and our SSL Cert provider applying a SAN to our Certificate is quite possible and at no charge.

No doubt this will increase chattiness etc.!

Intresting. I have never observed this behavior in any site until I saw this question. Even google has this problem. The url below gives the bad cert error

https://google.com/accounts/

Btw, Most of the sites has a subdomain to which they protect it with a certificate. One vote up for the question.