[CentOS] apache redirection

Wed May 19 20:33:19 UTC 2010
Robert Heller <heller at deepsoft.com>

At Wed, 19 May 2010 14:08:59 -0600 CentOS mailing list <centos at centos.org> wrote:

> 
> Hello everyone,
> 
> Part of our website has secured access with an SSL certificate. The
> problem we are running into is that the certificate is for
> www.domainname.com, so when they go to domainname.com (without the
> www. in front), the users are getting a "This connection is untrusted"
> warning, because the url doesn't match the certificate.
> 
> I found one site that said to make a change to the apache conf file,
> which I have done. The change that I made is adding:
> <VirtualHost xxx.xxx.xxx.xxx:80>
>     ServerName domainname.com
>     Redirect permanent / http://www.domainname.com/
> </VirtualHost>

You don't really need this -- you can just add the line below to your existing
<VirtualHost> spec for www.domainname.com

ServerAlias domainname.com

> 
> This works great to redirect the users to http://www.domainname.com
> when they go to http://domainname.com.
> 
> The problem I am running into is if they go to https://domainname.com
> (straight to the secure site), I am not able to find a solution that
> will redirect them to https://www.domainname.com, so that the ssl
> certificate matches and they won't get the "This connection is
> untrusted" warning.
> 
> I tried using the same thing as above, but changing the port number to
> 443, and the http to https on the redirect line, but that actually
> breaks the site, and only displays an error:
> Secure Connection Failed
> (Error code: ssl_error_rx_record_too_long)

Probably because the VirtualHost for domainname.com:443 does not include
the SSL cert info.  You can try including a ServerAlias line to your
VirtualHost:443 container for www.domainname.com.

The only other thought would be look at your DNS record(s) for
domainname.com and make sure those records are 'sane' (in terms of which
name has the IP address and which is a CNAME record).

> 
> Is there something obvious that I am missing? Is there a better way to
> ensure that everyone will always end up with the www in the url, so
> the certificate always matches?
> 
> Any thoughts and suggestions would be greatly appreciated.

-- 
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller at deepsoft.com       -- Contract Programming: C/C++, Tcl/Tk