Hello everyone,
Part of our website has secured access with an SSL certificate. The
problem we are running into is that the certificate is for
www.domainname.com, so when they go to domainname.com (without the
www. in front), the users are getting a "This connection is untrusted"
warning, because the url doesn't match the certificate.
I found one site that said to make a change to the apache conf file,
which I have done. The change that I made is adding:
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName domainname.com
Redirect permanent / http://www.domainname.com/
</VirtualHost>
This works great to redirect the users to http://www.domainname.com
when they go to http://domainname.com.
The problem I am running into is if they go to https://domainname.com
(straight to the secure site), I am not able to find a solution that
will redirect them to https://www.domainname.com, so that the ssl
certificate matches and they won't get the "This connection is
untrusted" warning.
I tried using the same thing as above, but changing the port number to
443, and the http to https on the redirect line, but that actually
breaks the site, and only displays an error:
Secure Connection Failed
(Error code: ssl_error_rx_record_too_long)
Is there something obvious that I am missing? Is there a better way to
ensure that everyone will always end up with the www in the url, so
the certificate always matches?
Any thoughts and suggestions would be greatly appreciated.
--
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
-- Steve Wozniak
On Wed, 2010-05-19 at 14:08 -0600, Ski Dawg wrote:> Hello everyone, > > Part of our website has secured access with an SSL certificate. The > problem we are running into is that the certificate is for > www.domainname.com, so when they go to domainname.com (without the > www. in front), the users are getting a "This connection is untrusted" > warning, because the url doesn't match the certificate. > > I found one site that said to make a change to the apache conf file, > which I have done. The change that I made is adding: > <VirtualHost xxx.xxx.xxx.xxx:80> > ServerName domainname.com > Redirect permanent / http://www.domainname.com/ > </VirtualHost> > > This works great to redirect the users to http://www.domainname.com > when they go to http://domainname.com. > > The problem I am running into is if they go to https://domainname.com > (straight to the secure site), I am not able to find a solution that > will redirect them to https://www.domainname.com, so that the ssl > certificate matches and they won't get the "This connection is > untrusted" warning. > > I tried using the same thing as above, but changing the port number to > 443, and the http to https on the redirect line, but that actually > breaks the site, and only displays an error: > Secure Connection Failed > (Error code: ssl_error_rx_record_too_long) > > Is there something obvious that I am missing? Is there a better way to > ensure that everyone will always end up with the www in the url, so > the certificate always matches?---- yes, put the same VirtualHost directive into /etc/httpd/conf.d/ssl.conf Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
At Wed, 19 May 2010 14:08:59 -0600 CentOS mailing list <centos at centos.org> wrote:> > Hello everyone, > > Part of our website has secured access with an SSL certificate. The > problem we are running into is that the certificate is for > www.domainname.com, so when they go to domainname.com (without the > www. in front), the users are getting a "This connection is untrusted" > warning, because the url doesn't match the certificate. > > I found one site that said to make a change to the apache conf file, > which I have done. The change that I made is adding: > <VirtualHost xxx.xxx.xxx.xxx:80> > ServerName domainname.com > Redirect permanent / http://www.domainname.com/ > </VirtualHost>You don't really need this -- you can just add the line below to your existing <VirtualHost> spec for www.domainname.com ServerAlias domainname.com> > This works great to redirect the users to http://www.domainname.com > when they go to http://domainname.com. > > The problem I am running into is if they go to https://domainname.com > (straight to the secure site), I am not able to find a solution that > will redirect them to https://www.domainname.com, so that the ssl > certificate matches and they won't get the "This connection is > untrusted" warning. > > I tried using the same thing as above, but changing the port number to > 443, and the http to https on the redirect line, but that actually > breaks the site, and only displays an error: > Secure Connection Failed > (Error code: ssl_error_rx_record_too_long)Probably because the VirtualHost for domainname.com:443 does not include the SSL cert info. You can try including a ServerAlias line to your VirtualHost:443 container for www.domainname.com. The only other thought would be look at your DNS record(s) for domainname.com and make sure those records are 'sane' (in terms of which name has the IP address and which is a CNAME record).> > Is there something obvious that I am missing? Is there a better way to > ensure that everyone will always end up with the www in the url, so > the certificate always matches? > > Any thoughts and suggestions would be greatly appreciated.-- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software -- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database heller at deepsoft.com -- Contract Programming: C/C++, Tcl/Tk
On 05/19/2010 04:08 PM, Ski Dawg wrote:> The problem I am running into is if they go to https://domainname.com > (straight to the secure site), I am not able to find a solution that > will redirect them to https://www.domainname.com, so that the ssl > certificate matches and they won't get the "This connection is > untrusted" warning. > > Is there something obvious that I am missing? Is there a better way to > ensure that everyone will always end up with the www in the url, so > the certificate always matches?The problem you are running into is that SSL sessions are negotiated prior to the browser sending the virtual host name, so there is no opportunity to redirect the client to the www URL before it's too late. Aside from purchasing a second SSL certificate for the plain domain name or getting a wildcard certificate to cover both, I would just make sure the links on your web site to the secure version of the domain specify the www in the URL. -Zack
put this into root of the domain into the .htaccess file
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{REMOTE_HOST} !^.*YOURDOMAIN\.com [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Jobst
On Wed, May 19, 2010 at 02:08:59PM -0600, Ski Dawg (centos at skidawg.org)
wrote:> Hello everyone,
>
> Part of our website has secured access with an SSL certificate. The
> problem we are running into is that the certificate is for
> www.domainname.com, so when they go to domainname.com (without the
> www. in front), the users are getting a "This connection is
untrusted"
> warning, because the url doesn't match the certificate.
>
> I found one site that said to make a change to the apache conf file,
> which I have done. The change that I made is adding:
> <VirtualHost xxx.xxx.xxx.xxx:80>
> ServerName domainname.com
> Redirect permanent / http://www.domainname.com/
> </VirtualHost>
>
> This works great to redirect the users to http://www.domainname.com
> when they go to http://domainname.com.
>
> The problem I am running into is if they go to https://domainname.com
> (straight to the secure site), I am not able to find a solution that
> will redirect them to https://www.domainname.com, so that the ssl
> certificate matches and they won't get the "This connection is
> untrusted" warning.
>
> I tried using the same thing as above, but changing the port number to
> 443, and the http to https on the redirect line, but that actually
> breaks the site, and only displays an error:
> Secure Connection Failed
> (Error code: ssl_error_rx_record_too_long)
>
> Is there something obvious that I am missing? Is there a better way to
> ensure that everyone will always end up with the www in the url, so
> the certificate always matches?
>
> Any thoughts and suggestions would be greatly appreciated.
> --
> Doug
>
> Registered Linux User #285548 (http://counter.li.org)
> ----------------------------------------
> Never trust a computer you can't throw out a window.
> -- Steve Wozniak
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
I have a license to "kill -9"!
| |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia