[BlueOnyx:11788] Re: Web Alias Redirects with SSL

Carl E. Hartung carlh04426 at gmail.com
Wed Dec 12 12:00:22 -05 2012


On Wed, 12 Dec 2012 11:35:19 -0500
Michael Stauber <mstauber at blueonyx.it> wrote:

> Hi Robert,
> 
> > Having the worst time trying to get SSL to redirect to the proper
> > host name of the cert when no host is used (i.e.: https://vsite.com
> > redirect to https://host.vsite.com).
> 
> Round peg, meet square hole. :-)

Yeah, it definitely helps to understand either a) the OP's objectives
or b) the constraints of the environment you're operating within :-)

> Typically on a BlueOnyx a Vsite is created with a FQDN consisting of
> hostname, domainname and extension.
> 
> Therefore SSL certificates are also created for the full FQDN.
> 
> Lastly, the /etc/httpd/conf.d/ssl_perl.conf script that dynamically
> creates the Vhost containers for SSL enabled sites is designed to
> create the SSL enabled Apache Vhost container with the FQDN in mind.

i.e. it follows standard canonical nomenclature, e.g. 'host.domain.tld'

> For SSL certificates it makes a hell of a lot of a difference if the
> certificate was issued to "company.com", "www.company.com" or
> "mail.company.com". Because unless it's a multidomain or wildcard
> cert, it will only work for the FQDN that it was issued for.

The need to pay close attention to this is absolutely spot on, although
it seems most vendors now issue certs which cover both scenarios,
i.e. with, and without, the 'www.' prefix.

> So if your certificate is for "www.vsite.com", all you need to do is
> to tick the checkbox for "Alias redirects to main site". That'll
> already do all the redirection you want and anyone who visits an
> alias will be redirected to the main site where the SSL certificate
> is active.

Simple! :-)

> In that case the only redirect that you might need, is the redirect
> from port 80 to 443 to force everyone to use HTTPS when visiting that
> site.
> 

If an SSL enabled site is configured by default to use port 443, which
is the convention, then rewriting the protocol from http to https
should be enough, correct?

Thanks Michael!

Carl
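
Added example (not part of the original messages, and not BlueOnyx code): the certificate is presented during the TLS handshake, before Apache can send any redirect, so a redirect only helps on names the certificate already covers. The sketch below checks which hostnames of a site would hit a name mismatch over HTTPS; the hostnames, certificate name lists and function names are constructed for illustration.

```python
# Added example: which hostnames of a Vsite are covered by its certificate?
# All hostnames and certificate name lists below are constructed samples.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label, so '*.vsite.com' covers
    'www.vsite.com' but neither 'vsite.com' nor 'a.b.vsite.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Return the hosts that no name in the certificate covers."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample: a site's main FQDN plus two web aliases.
SITE_HOSTS = ["www.vsite.com", "vsite.com", "shop.vsite.com"]

# Constructed sample certificates (the names each one was issued for).
CERTS = {
    "single FQDN": ["www.vsite.com"],
    "www + bare domain": ["www.vsite.com", "vsite.com"],
    "wildcard": ["*.vsite.com"],
    "wildcard + bare domain": ["*.vsite.com", "vsite.com"],
}


def report():
    """Map each sample certificate to the hosts it leaves uncovered."""
    return {label: uncovered(names, SITE_HOSTS)
            for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:24} name mismatch on HTTPS for: {missing or 'none'}")
```

Hosts listed as uncovered can still be redirected from plain HTTP on port 80, since no certificate is involved there.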


