httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Dessent <br...@dessent.net>
Subject Re: [users@httpd] how to rewrite 443 port to another
Date Wed, 31 Dec 2003 17:21:18 GMT
Chris Edwards wrote:
> 
> > Remember that SSL happens above the
> > entire HTTP protocol level, so to get to the point of being able to
> > issue a redirect, all of the certificate authentication and key exchange
> > has already taken place.
> 
> What I'm trying to accomplish is having someone come in on port 443, and be
> directed to port 4443.
> 
> I don't want the url to change and I don't want the certificate prompts to
> say the domain doesn't match.
> 
> >From your previous statement.  This sounds impossible.  Am I right?

The only way that you can issue a redirect without a certificate is if
they come in using 'http:' and not 'https:'.  If they come in on
"http://site.com:443" then it will work, but "https://site.com" won't,
because https requires a certificate before you can even start talking
HTTP.

But, if you have a certificate for both "site-a.com" and "site-b.com"
then you can serve https requests on site-a with the site-a certificate,
and then issue a redirect to site-b.com.  But if you don't have a
site-a.com cert then there's no way you can answer any 'https' queries
for site-a, even if it's just to redirect.  (unless you want to prompt
about lack of cert, which you don't.)

Brian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message