I just acquired an SSL Cert for our domain tspack.us - so I am assuming that the Cert is ONLY good for that exact name, correct?
Yes, but a certificate can include multiple domain names, and some CAs will actually add the www. as a second name for free. Open your .crt file and check what's in the "Subject Alt Name" extension – that's the list of valid names.
I technically can't use www.tspack.us because it won't match exactly with tspack.us is my understanding.
Yes, it has to be an exact match. If the CA did not include the subdomain variant in the cert's SubjectAltName, then you cannot use the cert for that.
Also, do I still require 2 bindings on my webserver? For example: tspack.us:80 and tspack.us:443
It's still a good idea to have a binding on :80 that redirects to the primary website at :443. Even though some browsers now go straight for :443 first, there could still be some that start at :80.
(Note: In Apache, you don't want domain:80, you want to use *:80 and *:443.)
If you don't have the binding, it could be that the webserver is still listening for requests on :80 and is serving some generic "It Works!" webpage. You don't want visitors to be stuck on that. Either it should serve at least a redirect, or it shouldn't be listening on that port at all.
(However, even in that case, keep port 80 open – do not let your firewall completely drop the connection. That'll result in a long initial delay for such visitors. The connection should be either immediately accepted or immediately refused, but not dropped. So it's going to be easier to just have a binding/vhost on :80 like you normally would.)
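
As an added example (not part of the original answer), the "Subject Alt Name" check described above can be done with the openssl command-line tool instead of opening the .crt file by hand. The helper function names and the example.test hostnames are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
# Added example: which hostnames is a certificate file valid for?
# Function names and example.test names are constructed; needs OpenSSL 1.1.1+.

# Print the SubjectAltName list of certificate file $1.
cert_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

# Return 0 if certificate file $1 is valid for hostname $2, non-zero otherwise.
# "openssl x509 -checkhost" prints "does match" or "does NOT match".
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# Create a throwaway self-signed certificate whose SubjectAltName is $1,
# standing in for the .crt file issued by a CA. Prints the certificate path.
make_test_cert() {
    test_dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$test_dir/key.pem" -out "$test_dir/cert.crt" \
        -subj "/CN=example.test" -addext "subjectAltName=$1" 2>/dev/null
    echo "$test_dir/cert.crt"
}

# Demo: a certificate issued for the bare domain only.
crt=$(make_test_cert "DNS:example.test")
cert_names "$crt"
for host in example.test www.example.test; do
    if cert_covers "$crt" "$host"; then
        echo "$host: covered by this certificate"
    else
        echo "$host: NOT covered, needs its own SubjectAltName entry"
    fi
done
```

To check a real certificate, call `cert_names` and `cert_covers` on the .crt file received from the CA; `make_test_cert` exists only so the example runs without one.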