On Fri, Feb 19, 2010 at 12:29 AM, James Smallacombe <up@xxxx> wrote:
> On Thu, 18 Feb 2010, John Oliver wrote:
>
>> On Thu, Feb 18, 2010 at 06:14:33PM -0500, James Smallacombe wrote:
>>>
>>> On Thu, 18 Feb 2010, John Oliver wrote:
>>>
>>>> I'm dealing with a site that is accessed via https://domain.gov The
>>>> certificate is for "domain.gov" I akready have a working rule to catch
>>>> http://domain.gov/ and rewrite to https://domain.gov/ I also got
>>>> http://www.domain.gov/ caught and rewritten with:
>>>>
>>>> RewriteCond %{http_host} ^www\.domain\.gov [NC]
>>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>>
>>>> However, attempts to access https://www.domain.gov/ are still an issue.
>>>> I tried:
>>>>
>>>> RewriteCond %{https} ^www\.domain\.gov [NC]
>>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>>
>>>> But that didn't work (I didn't really expect it to, but it was worth a
>>>> try!)
>>>>
>>>> What magic sauce do I need to catch and rewrite that attempt?
>>>
>>> I just dealt with a similar issue regarding two different certificates.
>>> Try this:
>>>
>>> Options +FollowSymlinks
>>> RewriteEngine on
>>> RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
>>> RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]
>>
>> Nope... https://www.domain.gov/ still gives a certificate error.
>
> Interesting...in my case, it works perfectly redirecting between two
> different ssl certificate virtual hosts. However, both of my certs are
> valid...is it possible that the certificate error kicks in before the
> redirect happens?
>
> James Smallacombe PlantageNet, Inc. CEO and Janitor
> up@xxxx http://3.am
Yes, what you are trying to do is impossible. If a user accesses
www.domain.gov over SSL, then you will get a certificate error if you
do not have a valid SSL certificate - even if all you want to do is
redirect them to the correct site.
You will either need a new certificate for www.domain.gov, or convince
your registrar to give you a wildcard certificate for *.domain.gov, or
one with multiple subjectAltName properties (see #1)
Cheers
Tom
#1: http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|