[CentOS] apache redirection
Robert Heller
heller at deepsoft.com
Wed May 19 21:45:53 UTC 2010
At Wed, 19 May 2010 17:02:31 -0400 CentOS mailing list <centos at centos.org> wrote:
>
> On 05/19/2010 04:08 PM, Ski Dawg wrote:
> > The problem I am running into is if they go to https://domainname.com
> > (straight to the secure site), I am not able to find a solution that
> > will redirect them to https://www.domainname.com, so that the ssl
> > certificate matches and they won't get the "This connection is
> > untrusted" warning.
> >
> > Is there something obvious that I am missing? Is there a better way to
> > ensure that everyone will always end up with the www in the url, so
> > the certificate always matches?
>
> The problem you are running into is that SSL sessions are negotiated
> prior to the browser sending the virtual host name, so there is no
> opportunity to redirect the client to the www URL before it's too late.
> Aside from purchasing a second SSL certificate for the plain domain
> name or getting a wildcard certificate to cover both, I would just make
> sure the links on your web site to the secure version of the domain
> specify the www in the URL.
Also: don't 'advertise' the https:// URL at all. Visitors should
always go to you non-SSL site first.
>
> -Zack
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
--
Robert Heller -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software -- Linux Installation and Administration
http://www.deepsoft.com/ -- Web Hosting, with CGI and Database
heller at deepsoft.com -- Contract Programming: C/C++, Tcl/Tk
More information about the CentOS
mailing list