If it is any help you can get a certificate for *. domain.com
 On Oct 28, 2013 9:37 PM, "Felix" <fe...@ferchland.org> wrote:

> Hello,
>
> I am using haproxy to loadbalance my webapplication but I get into a
> problem
> with our ssl certificate.
> haproxy is also serving the ssl certificate to the clients. this works
> quite
> well. we only have certificate for www as subdomain, so all traffic hitting
> haproxy should be redirected to https://www.
> if the visitor comes from non ssl the domain can be rewritten without a
> problem, but if the visitor types the domain with ssl but without
> subdomain,
> the url can't be rewritten before the (in this case invalid) ssl
> certificate
> was served by haproxy.
> is there a way to redirect an ssl request before serving the certificate?
>
> global
>    maxconn 4096
>    daemon
>    log 128.0.0.1 local0
>
> defaults
>    log          global
>    mode         http
>    contimeout   5000
>    clitimeout   50000
>    srvtimeout   50000
>    option forwardfor
>    retries 3
>    option redispatch
>    option http-server-close
>
> frontend http *:80
>    mode http
>    redirect location https://www.url.com if !{ ssl_fc }
>
> frontend https
>    # reqadd X-Forwarded-Proto:\ https
>    # www Redirect
>    mode http
>    acl non-www hdr(host)        url.com
>    redirect prefix https://www.url.com if non-www
>
>    bind *:443 ssl crt /crt/ssl.pem no-sslv3
>    default_backend web
>    option forwardfor
>
>
>
>

Reply via email to