Spiderman: Far From Home, but not too far from a DNS update

These days, I’m not entirely convinced movies need websites. They can be costly, nobody I know visits them (including myself) and quite frankly everybody just looks at the trailers on YouTube (or wherever) and waits for the movie to be released. When the iTunes, DVD or Blu-Ray is released, you usually have extras to tide you over for BTS stuff.

Sony’s system admins look to have made a bit of a boo boo recently. The new teaser trailer for Spiderman: Far From Home hit YouTube. Within the description was an URL: https://spidermanfarfromhome.movie.


The problem is that Sony uses a service called Akamai to provide security and performance at the edge. This means that Akamai is actively sitting in front of the origin servers and will cache content as well as protect against attacks via it’s web application firewall.

The problem here is that Sony didn’t update the bare domain (spidermanfarfromhome.movie) to point to Akamai. It’s pointing to Sony’s own servers. And their servers, while it has a TLS certificate with multiple SANs (Subject Alternative Names), it doesn’t reference the bare domain – just a subdomain (www.spidermanfarfromhome.movie). Hence the above error.

Sony just needs to update the DNS to point the bare domain to Akamai, and all would be good. The Akamai TLS edge certificate DOES contain spidermanfarfromhome.movie within it’s list of hostnames, so won’t error.

It would have been better for Sony to have advertised www.spidermanfarfromhome.movie instead – most people are still used to the ‘www’ prefix anyway…

(As a side note, Sony yet again muck things up by linking to various legal pages (such as their Terms of Use) at sonypictures.com which is served unencrypted – D’OH)