No. You need to get a cert with both www.domain.com and domain.com in it so both are valid in a browser.
Sent from my iPad > On Oct 28, 2013, at 9:33 PM, Felix <fe...@ferchland.org> wrote: > > Hello, > > I am using haproxy to loadbalance my webapplication but I get into a problem > with our ssl certificate. > haproxy is also serving the ssl certificate to the clients. this works quite > well. we only have certificate for www as subdomain, so all traffic hitting > haproxy should be redirected to https://www. > if the visitor comes from non ssl the domain can be rewritten without a > problem, but if the visitor types the domain with ssl but without subdomain, > the url can't be rewritten before the (in this case invalid) ssl certificate > was served by haproxy. > is there a way to redirect an ssl request before serving the certificate? > > global > maxconn 4096 > daemon > log 128.0.0.1 local0 > > defaults > log global > mode http > contimeout 5000 > clitimeout 50000 > srvtimeout 50000 > option forwardfor > retries 3 > option redispatch > option http-server-close > > frontend http *:80 > mode http > redirect location https://www.url.com if !{ ssl_fc } > > frontend https > # reqadd X-Forwarded-Proto:\ https > # www Redirect > mode http > acl non-www hdr(host) url.com > redirect prefix https://www.url.com if non-www > > bind *:443 ssl crt /crt/ssl.pem no-sslv3 > default_backend web > option forwardfor > > >