Igor... You have 2 SAME rewrite rules!

Now I will translate what they mean:
IF page is requested on NON-SSL port 80 THEN
rewrite url to SSL version of it, with www..., --> redir 301, last (stop rewriting)

NOW, do you understand that second rewrite block inside <VirtualHost _default_:443> will NEVER get executed.
So delete it from there.

And the first rewrite rule (which is same as second), will NOT trigger if you access by:
https://www.domain.com
https://domain.com

... and no rewriting will occur for https://domain.com
As port = 80, rule is not satisfied!
So for one of those domains, you will get SSL cert mismatch, as you can have cert just for one domain!

----- Original Message -----
From: Igor Cicimov <icicimov@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Date: Thu, 16 Jul 2009 14:36:04 +1000
Subject: Re: SSL cert for alias too

> Of course it works if you do it right.
>
> 1. Outside ssl virtual host:
>
> RewriteEngine On
> RewriteCond %{SERVER_PORT} ^80$
> RewriteRule ^(.*)$ https://www.domain.com$1 [R=301,L]
>
> 2. Inside the ssl virtual host:
>
> <VirtualHost _default_:443>
> ServerName domain.com
> ServerAlias www.domain.com
>
> RewriteEngine On
> RewriteCond %{SERVER_PORT} ^80$
> RewriteRule ^(.*)$ https://www.domain.com$1 [R=301,L]
> .
> .
> .
> SSLEngine on
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.domain.crt
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/unencrypted.key
> SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/intermediatecrt.crt
> .
> .
> .
>
> </VirtualHost>
>
> It works for me for sure don't see any reason why it shouldn't work for you?
>
> Cheers,
>
> Igor
>
> On Thu, Jul 16, 2009 at 7:00 AM, Aaron Turner <synfinatic@xxxxxxxxx> wrote:
>
> > On Wed, Jul 15, 2009 at 12:34 PM, <rank1seeker@xxxxxxxxx> wrote:
> > > I did a redirect, that works both for http and https. But still...
> > > Request for domain.com just BEFORE redirect to www.domain.com,
> > > Issues warning in browser and in my apache error log I get line:
> > > [warn] RSA server certificate wildcard CommonName (CN) `*.domain.com' does NOT match server name!?
> > >
> > > After AND IF client ignores warning, he gets redirected properly
> > >
> > > What now?
> > > SSL cert for each, as SSL wildcard doesn't work in this case.
> >
> > You need two certs. www.domain.com and domain.com.
> >
> > Redirect won't work in this case because it is done at the HTTP layer
> > and the SSL handshake occurs before the GET request.
> >
> > --
> > Aaron Turner
> > http://synfin.net/
> > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
> > Those who would give up essential Liberty, to purchase a little temporary
> > Safety, deserve neither Liberty nor Safety.
> > -- Benjamin Franklin
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
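
The certificate mismatch discussed in this thread can be caught before deployment. The following is an added example, not code from any of the messages above: it reports which names of a virtual host (ServerName plus ServerAlias) are not covered by the names a certificate presents (CN and any subjectAltName entries), using the usual rule that `*` stands for exactly one left-most label. Function names and sample data are constructed for illustration.

```python
"""Check which vhost names a certificate's names actually cover.

Added illustration; function names and sample data are constructed.
"""


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against one hostname.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label, so '*.domain.com' covers
    'www.domain.com' but neither 'domain.com' nor 'a.b.domain.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_names(cert_names, vhost_names):
    """Return the vhost names that no certificate name matches."""
    return [h for h in vhost_names
            if not any(name_matches(c, h) for c in cert_names)]


if __name__ == "__main__":
    # Constructed sample: the names from the quoted VirtualHost block.
    vhost = ["domain.com", "www.domain.com"]
    for label, cert in [
        ("wildcard only", ["*.domain.com"]),
        ("www only", ["www.domain.com"]),
        ("both names", ["domain.com", "www.domain.com"]),
    ]:
        missing = uncovered_names(cert, vhost)
        print(f"{label:14} -> uncovered: {missing or 'none'}")
```

Any name the check lists as uncovered will produce the browser warning during the handshake, before a RewriteRule on that virtual host can issue its redirect.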