Re: [users@httpd] SSL cert for alias too

Wed, 15 Jul 2009 21:36:42 -0700 

Of course it works if you do it right.


1. Outside ssl virtual host:

RewriteEngine On
RewriteCond %{SERVER_PORT}  ^80$
RewriteRule ^(.*)$ https://www.domain.com$1 [R=301,L]


2. Inside the ssl virtual host:

<VirtualHost _default_:443>
ServerName  domain.com
ServerAlias www.domain.com

RewriteEngine On
RewriteCond %{SERVER_PORT}  ^80$
RewriteRule ^(.*)$ https://www.domain.com$1 [R=301,L]
.
.
.
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.domain.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/unencrypted.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/intermediatecrt.crt
.
.
.


</VirtualHost>



It works for me for sure don't see any reason why it shouldn't work for you?

Cheers,

Igor

On Thu, Jul 16, 2009 at 7:00 AM, Aaron Turner <synfina...@gmail.com> wrote:

> On Wed, Jul 15, 2009 at 12:34 PM, <rank1see...@gmail.com> wrote:
> > I did a redirect, that works both for http and https. But still...
> > Request for domain.com just BEFORE redirect to www.domain.com,
> > Issues warning in browser and in my apache error log I get line:
> > [warn] RSA server certificate wildcard CommonName (CN) `*.domain.com'
> does
> > NOT match server name!?
> >
> > After AND IF client ignores warning, he gets redirecteted properly
> >
> > What now?
> > SSL cert for each, as SSL wildcard doesn't work in this case.
>
> You need two certs.  www.domain.com and domain.com.
>
> Redirect won't work in this case because it is done at the HTTP layer
> and the SSL handshake occurs before the GET request.
>
>
> --
> Aaron Turner
> http://synfin.net/
> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
> Windows
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
>    -- Benjamin Franklin
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Reply via email to