httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank Gingras <francois.ging...@gmail.com>
Subject Re: [users@httpd] redirect https to http
Date Tue, 31 May 2011 02:38:05 GMT
On 30/05/2011 7:32 PM, Jobst Schmalenbach wrote:
> Hi.
>
> I have a problem that one of my domains is listed on google as https
> and I do not have a valid certificate and neither do I need to
> have one.
>
> I have sent an email to technical support at google and they have
> come back to me with a couple of suggestions and told me too that
> they had a look at my site "and I am doing the right things".
>
> The server in question hosts a few domains (all virtual hosts)
> and has three domains running that have valid security certificates
> which are virtual hosts too. All the virtual hosts work correctly
> and in all cases the domain.com.au redirects correctly to
> www.domain.com.au. The three virtual certificate domain all work
> corretly as well.
>
> The problem I have is when ANY of the domains that do NOT have
> a valid https certificate go to the main server and off course read
> the incorrect certificate.
>
> Is there a way of telling apache NOT to go down the https path
> but immediately redirect the request to http without requiring
> to return the security certificate to the browser and telling
> the browser there is no such thing?
>
> I know I can do this:
>
>    RewriteCond %{SERVER_PORT} 443
>    RewriteRule ^(.*)$ http://%{HTTP_HOST} [R=301,L]
>
> but that still leads to asking the user that the certificate
> is incorrect as it is trying to read the main server's certificate.
>
> I have tried to setup a _default_ virtual host, and within that
> virtual host I turn off SSL but I still get these problems.
>
> Is there any way I can get around this?
>
>
> thanks
> Jobst
>
>
>
>
>

Jobst,

Configure the server to use SNI, and you can define a vhost for each hostname, and avoid the

certificate mismatch.

As for requests like https://1.1.1.1/, you'll need a vhost with that IP as the CN, as well.

Frank

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message