Re: apache redirection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



At Wed, 19 May 2010 14:08:59 -0600 CentOS mailing list <centos@xxxxxxxxxx> wrote:

> 
> Hello everyone,
> 
> Part of our website has secured access with an SSL certificate. The
> problem we are running into is that the certificate is for
> www.domainname.com, so when they go to domainname.com (without the
> www. in front), the users are getting a "This connection is untrusted"
> warning, because the url doesn't match the certificate.
> 
> I found one site that said to make a change to the apache conf file,
> which I have done. The change that I made is adding:
> <VirtualHost xxx.xxx.xxx.xxx:80>
>     ServerName domainname.com
>     Redirect permanent / http://www.domainname.com/
> </VirtualHost>

You don't really need this -- you can just add the line below to your existing
<VirtualHost> spec for www.domainname.com

ServerAlias domainname.com

> 
> This works great to redirect the users to http://www.domainname.com
> when they go to http://domainname.com.
> 
> The problem I am running into is if they go to https://domainname.com
> (straight to the secure site), I am not able to find a solution that
> will redirect them to https://www.domainname.com, so that the ssl
> certificate matches and they won't get the "This connection is
> untrusted" warning.
> 
> I tried using the same thing as above, but changing the port number to
> 443, and the http to https on the redirect line, but that actually
> breaks the site, and only displays an error:
> Secure Connection Failed
> (Error code: ssl_error_rx_record_too_long)

Probably because the VirtualHost for domainname.com:443 does not include
the SSL cert info.  You can try including a ServerAlias line to your
VirtualHost:443 container for www.domainname.com.

The only other thought would be look at your DNS record(s) for
domainname.com and make sure those records are 'sane' (in terms of which
name has the IP address and which is a CNAME record).

> 
> Is there something obvious that I am missing? Is there a better way to
> ensure that everyone will always end up with the www in the url, so
> the certificate always matches?
> 
> Any thoughts and suggestions would be greatly appreciated.

-- 
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller@xxxxxxxxxxxx       -- Contract Programming: C/C++, Tcl/Tk

                                                                                   
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux