A wildcard cert is helpful for some things, but domain.com will not
validate against a cert issued for *.domain.com
On 10/29/13, 10:52 AM, Bhaskar Maddala wrote:
If it is any help you can get a certificate for *. domain.com
<http://domain.com>
On Oct 28, 2013 9:37 PM, "Felix" <fe...@ferchland.org
<mailto:fe...@ferchland.org>> wrote:
Hello,
I am using haproxy to loadbalance my webapplication but I get into
a problem
with our ssl certificate.
haproxy is also serving the ssl certificate to the clients. this
works quite
well. we only have certificate for www as subdomain, so all
traffic hitting
haproxy should be redirected to https://www.
if the visitor comes from non ssl the domain can be rewritten
without a
problem, but if the visitor types the domain with ssl but without
subdomain,
the url can't be rewritten before the (in this case invalid) ssl
certificate
was served by haproxy.
is there a way to redirect an ssl request before serving the
certificate?
global
maxconn 4096
daemon
log 128.0.0.1 local0
defaults
log global
mode http
contimeout 5000
clitimeout 50000
srvtimeout 50000
option forwardfor
retries 3
option redispatch
option http-server-close
frontend http *:80
mode http
redirect location https://www.url.com if !{ ssl_fc }
frontend https
# reqadd X-Forwarded-Proto:\ https
# www Redirect
mode http
acl non-www hdr(host) url.com <http://url.com>
redirect prefix https://www.url.com if non-www
bind *:443 ssl crt /crt/ssl.pem no-sslv3
default_backend web
option forwardfor
