> I think that I am going to push at management that this is a non-issue
> and not worth wasting any more time and see what they might say.
I'd like to point out that the following sites don't work with
https://domain.tld/
amazon.com
usbank.com
redhat.com
etrade.com
They all present certs for www.domain.tld. If your management feels that
your sites would benefit greatly from this type of configuration while the
above sites don't feel it to be necessary, I recommend that they try the
same test on similar large sites, and if applicable, competitor's sites.
The most compatible way to do this is to have domain.tld and
www.domain.tld resolve to different IP addresses, and have 2 certs, one
for each name on their respective IP addresses. TLS SNI can solve this
with a single IP address in Fedora 12+ and RHEL 6+ (the latter of which
doesn't exist yet) although this requires browser support of TLS SNI.
Simply put, MS IE 6 doesn't support it, which is deeply entrenched in
corporations. Firefox 2.0+ supports it as do other browsers.
As for the redirection, I would handle it with mod_rewrite as follows:
<VirtualHost XXX.XXX.XXX.XXX:443>
ServerName domain.tld
RewriteCond %{HTTP_HOST} !^www\.domain\.tld$ [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://www.domain.tld/$1 [L,R=301]
</VirtualHost>
Hope this helps.
Barry
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
