Re: apache redirection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 05/19/2010 02:02 PM, Zack Colgan wrote:
> The problem you are running into is that SSL sessions are negotiated
> prior to the browser sending the virtual host name, so there is no
> opportunity to redirect the client to the www URL before it's too late.
>   Aside from purchasing a second SSL certificate for the plain domain
> name or getting a wildcard certificate to cover both

Unless your HTTPD supports SNI, a second certificate alone isn't going 
to do you any good.  AFAIK, under CentOS 5, there is only one solution 
to this problem: a certificate with multiple alt-names (or wildcard).

SNI should be a feature of RHEL 6.  I believe that it's been available 
in Fedora since release 11.

There is a configuration where a second cert will work, but you'd need 
an additional IP.  If you run "domainname.com" on one IP with a matching 
cert and "www.domainname.com" on a separate IP with its matching cert, 
users won't get errors.  Two certs will usually cost more than one cert 
with an alt-name, but less than throwing away your old cert to get a new 
cert with both names.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux