Frank,
thanks. I looked at the compatibility and that does not look too good as
we have loads of people using IE7 and XP, not sure ... it looks good, though.
Our company uses Firefox 3.68 so thats not the problem but I have
online questionnaires that rely on the https stuff, and lots of our
clientele use IE7 (and many use IE6) :-(
Jobst
On Mon, May 30, 2011 at 10:38:05PM -0400, Frank Gingras (francois.gingras@xxxxxxxxx) wrote:
> On 30/05/2011 7:32 PM, Jobst Schmalenbach wrote:
> >Hi.
> >
> >I have a problem that one of my domains is listed on google as https
> >and I do not have a valid certificate and neither do I need to
> >have one.
> >
> >I have sent an email to technical support at google and they have
> >come back to me with a couple of suggestions and told me too that
> >they had a look at my site "and I am doing the right things".
> >
> >The server in question hosts a few domains (all virtual hosts)
> >and has three domains running that have valid security certificates
> >which are virtual hosts too. All the virtual hosts work correctly
> >and in all cases the domain.com.au redirects correctly to
> >www.domain.com.au. The three virtual certificate domain all work
> >corretly as well.
> >
> >The problem I have is when ANY of the domains that do NOT have
> >a valid https certificate go to the main server and off course read
> >the incorrect certificate.
> >
> >Is there a way of telling apache NOT to go down the https path
> >but immediately redirect the request to http without requiring
> >to return the security certificate to the browser and telling
> >the browser there is no such thing?
> >
> >I know I can do this:
> >
> > RewriteCond %{SERVER_PORT} 443
> > RewriteRule ^(.*)$ http://%{HTTP_HOST} [R=301,L]
> >
> >but that still leads to asking the user that the certificate
> >is incorrect as it is trying to read the main server's certificate.
> >
> >I have tried to setup a _default_ virtual host, and within that
> >virtual host I turn off SSL but I still get these problems.
> >
> >Is there any way I can get around this?
> >
> >
> >thanks
> >Jobst
> >
> >
> >
> >
> >
>
> Jobst,
>
> Configure the server to use SNI, and you can define a vhost for each
> hostname, and avoid the certificate mismatch.
>
> As for requests like https://1.1.1.1/, you'll need a vhost with that IP as the CN, as well.
>
> Frank
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--
#include <signature.h>
| |0| | Jobst Schmalenbach, jobst@xxxxxxxxxxxxxx, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|