[CentOS] apache redirection

Gordon Messmer yinyang at eburg.com
Thu May 20 01:30:29 UTC 2010


On 05/19/2010 02:02 PM, Zack Colgan wrote:
> The problem you are running into is that SSL sessions are negotiated
> prior to the browser sending the virtual host name, so there is no
> opportunity to redirect the client to the www URL before it's too late.
>   Aside from purchasing a second SSL certificate for the plain domain
> name or getting a wildcard certificate to cover both

Unless your HTTPD supports SNI, a second certificate alone isn't going 
to do you any good.  AFAIK, under CentOS 5, there is only one solution 
to this problem: a certificate with multiple alt-names (or wildcard).

SNI should be a feature of RHEL 6.  I believe that it's been available 
in Fedora since release 11.

There is a configuration where a second cert will work, but you'd need 
an additional IP.  If you run "domainname.com" on one IP with a matching 
cert and "www.domainname.com" on a separate IP with its matching cert, 
users won't get errors.  Two certs will usually cost more than one cert 
with an alt-name, but less than throwing away your old cert to get a new 
cert with both names.
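The two-IP layout described in the message above, written out as an added example (not part of the original post, and not the poster's configuration). The addresses 192.0.2.10 and 192.0.2.11, the certificate and key paths, and the DocumentRoot are placeholders assumed for illustration.

```apache
# Added example: IP-based SSL virtual hosts for an httpd without SNI.
# Without SNI the server chooses the certificate from the IP:port the
# client connected to, so each name needs its own address.
#
# Assumed DNS (placeholder addresses):
#   domainname.com      A  192.0.2.10
#   www.domainname.com  A  192.0.2.11

# Omit this line if conf.d/ssl.conf already contains "Listen 443".
Listen 443

# Bare domain: presents the certificate issued for domainname.com,
# then redirects every request to the www host.
<VirtualHost 192.0.2.10:443>
    ServerName domainname.com
    SSLEngine on
    # Placeholder paths
    SSLCertificateFile    /etc/pki/tls/certs/domainname.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/domainname.com.key
    Redirect permanent / https://www.domainname.com/
</VirtualHost>

# www host: presents the certificate issued for www.domainname.com
# and serves the actual site.
<VirtualHost 192.0.2.11:443>
    ServerName www.domainname.com
    SSLEngine on
    # Placeholder paths
    SSLCertificateFile    /etc/pki/tls/certs/www.domainname.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.domainname.com.key
    DocumentRoot /var/www/html
</VirtualHost>
```

Running `openssl s_client -connect 192.0.2.10:443` and then the same against 192.0.2.11 shows which certificate each address presents, which confirms the mapping before DNS is pointed at the server.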


