LinuxQuestions.org

sneakyimp 10-20-2010 12:18 PM

need help with apache redirects in complex conf arrangement
 
I'm working with a server that unfortunately uses webhost manager and cpanel. I'm trying to force redirects that enforce the use of domains that are compatible with my SSL certs. This was working fine when it was just mydomain.com and www.domain.com, but now I have a situation with:

* domain.com
* www.domain.com
* store.domain.com

We'd like to redirect https://www.store.domain.com to https://store.domain.com but this is not working. Instead of redirecting, we get the 'this connection is untrusted' dialog in a browser because "The certificate is only valid for the following names: www.domain.com, store.domain.com, domain.com".

My guess is that for the HTTPS connection to be negotiated, the certificate must first be exchanged so everything can be secret. Is there some way to have the server redirect https requests for www.store.domain.com to store.domain.com without involving the cert?

Complicating matters is that there are probably 12 apache configuration files involved thanks to the magic of Webhost Manager. There's a main apache conf at /usr/local/apache/conf/httpd.conf which contains a VirtualHost directive for each domain, and those VirtualHosts in turn include a port80.conf and a port443.conf for each domain/subdomain being hosted.

bathory 10-20-2010 01:32 PM

Quote:

My guess is that for the HTTPS connection to be negotiated, the certificate must first be exchanged so everything can be secret. Is there some way to have the server redirect https requests for www.store.domain.com to store.domain.com without involving the cert?

You're right. The redirect in the server happens after the connection is established. This means that since it's an SSL connection, the certificate is read first by the browser before anything else.
So, I'm afraid you cannot do anything, except using a wildcard SSL certificate.

Regards
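
An added example, not part of either post: a pre-deployment check that lists which HTTPS hostnames you intend to redirect are actually covered by a certificate's names, using RFC 6125-style matching in which `*` stands for exactly one leftmost label. The hostnames are the ones from the thread; the wildcard names in the demo are assumed candidates, not certificates the posters hold.

```python
# Added example: certificate-name coverage check for redirect source hosts.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered_by(cert_names, host):
    """Certificate names that cover host; an empty list means the browser
    will show a name-mismatch warning before any redirect is seen."""
    return [n for n in cert_names if name_matches(n, host)]


def uncovered(cert_names, hosts):
    """Hosts that no certificate name covers."""
    return [h for h in hosts if not covered_by(cert_names, h)]


# Names quoted in the thread's browser warning.
CURRENT_CERT = ["www.domain.com", "store.domain.com", "domain.com"]
# Hosts that must answer on port 443, including the redirect source.
HOSTS = ["domain.com", "www.domain.com", "store.domain.com",
         "www.store.domain.com"]

if __name__ == "__main__":
    print("current cert leaves uncovered:", uncovered(CURRENT_CERT, HOSTS))
    # Assumed candidate wildcard names (constructed for illustration).
    for candidate in (["*.domain.com", "domain.com"],
                      ["*.store.domain.com", "*.domain.com", "domain.com"]):
        print(candidate, "leaves uncovered:", uncovered(candidate, HOSTS))
```

Because a wildcard covers a single label, `*.domain.com` covers store.domain.com but not www.store.domain.com; a name at that depth needs its own entry or `*.store.domain.com`.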


All times are GMT -5.