I am trying to redirect without a rewrite rule from e.g. https://www.domain.com to https://www.domain.net. I have a wildcard certificate for *.domain.net. This yields the following warning in my error_log:
[warn] RSA server certificate wildcard CommonName (CN) `*.domain.net' does NOT match server name!?
This makes sense and I understand why the warning appears. I would like to ask if there is a way to use the Redirect directive to accomplish the above without the warnings. Here are my virtual hosts in ssl.conf:
SSLEngine on
ServerName www.domain.net
DocumentRoot /var/www/html/domain
SSLOptions -FakeBasicAuth -ExportCertData +StrictRequire +OptRenegotiate -StdEnvVars
SSLStrictSNIVHostCheck off

SSLEngine on
ServerName www.domain.com
ServerAlias www.domain.info
Redirect permanent / https://www.domain.net
Also, if there is a solution, can it be used for redirection from https://domain.com to https://www.domain.com?
Thanks a lot!
Answer
Please be aware that the SSL handshake and verification process of the underlying HTTPS connection occurs before the actual request is sent. That means no HTTP response from the server before the authenticity of the server certificate has been verified, not even redirects.
If you only have one endpoint (i.e. only 1 public IP address), you'll need to buy a SAN certificate, that is, a certificate with Subject Alternative Names.
That way you could have a wildcard certificate for *.domain.net with the SAN www.domain.com, and you won't get any certificate warnings.
For further info, check out an old answer I gave for a similar situation, just with nginx instead of apache.
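
Added example (not part of the original question or answer): a small Python check of which virtual-host names a certificate's name list covers, using the wildcard rule that `*` stands for exactly one left-most label. The SAN lists are constructed for illustration, the function names are hypothetical, and rejecting partial wildcards and `*.tld` is a conservative choice of this example.

```python
"""Which vhost names does a certificate's SAN list cover?"""


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against one hostname.

    '*' is accepted only as the entire left-most label and stands for
    exactly one label, so '*.domain.net' covers 'www.domain.net' but
    not 'domain.net', 'a.b.domain.net' or 'www.domain.com'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans or absorbs a dot
    if p_labels[0] == "*":
        # Conservative: require two fixed labels after '*' (no '*.com').
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as 'w*.domain.net' are rejected here.
    return "*" not in pattern and p_labels == h_labels


def uncovered_hosts(san_names, hostnames):
    """Return the hostnames that no certificate name matches, in order."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in san_names)]


# Names from the question's two virtual hosts, plus the bare domain.com
# the asker also wants to redirect.
VHOST_NAMES = ["www.domain.net", "www.domain.com", "www.domain.info",
               "domain.com"]

# Constructed name lists: the current wildcard-only certificate, and a
# certificate that also carries the redirecting names as SANs.
WILDCARD_ONLY = ["*.domain.net"]
WITH_SANS = ["*.domain.net", "www.domain.com", "www.domain.info",
             "domain.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("with SANs", WITH_SANS)):
        missing = uncovered_hosts(sans, VHOST_NAMES)
        print(f"{label}: uncovered = {missing or 'none'}")
```

Every name reported as uncovered is one a browser would reject during the handshake, before the Redirect could be sent.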