[CentOS] apache redirection
Gordon Messmer
yinyang at eburg.com
Thu May 20 01:30:29 UTC 2010
On 05/19/2010 02:02 PM, Zack Colgan wrote:
> The problem you are running into is that SSL sessions are negotiated
> prior to the browser sending the virtual host name, so there is no
> opportunity to redirect the client to the www URL before it's too late.
> Aside from purchasing a second SSL certificate for the plain domain
> name or getting a wildcard certificate to cover both
Unless your HTTPD supports SNI, a second certificate alone isn't going
to do you any good. AFAIK, under CentOS 5, there is only one solution
to this problem: a certificate with multiple alt-names (or wildcard).
SNI should be a feature of RHEL 6. I believe that it's been available
in Fedora since release 11.
There is a configuration where a second cert will work, but you'd need
an additional IP. If you run "domainname.com" on one IP with a matching
cert and "www.domainname.com" on a separate IP with its matching cert,
users won't get errors. Two certs will usually cost more than one cert
with an alt-name, but less than throwing away your old cert to get a new
cert with both names.
More information about the CentOS
mailing list