A wildcard cert is helpful for some things, but domain.com will not validate against a cert issued for *.domain.com.

On 10/29/13, 10:52 AM, Bhaskar Maddala wrote:

If it is any help, you can get a certificate for *.domain.com

On Oct 28, 2013 9:37 PM, "Felix" <fe...@ferchland.org> wrote:

    Hello,

    I am using haproxy to load balance my web application, but I have run
    into a problem with our SSL certificate.
    haproxy is also serving the SSL certificate to the clients. This works
    quite well. We only have a certificate for www as subdomain, so all
    traffic hitting haproxy should be redirected to https://www.
    If the visitor comes from non-SSL, the domain can be rewritten without
    a problem, but if the visitor types the domain with SSL but without
    subdomain, the URL can't be rewritten before the (in this case invalid)
    SSL certificate was served by haproxy.
    Is there a way to redirect an SSL request before serving the
    certificate?

    global
       maxconn 4096
       daemon
       log 128.0.0.1 local0

    defaults
       log          global
       mode         http
       contimeout   5000
       clitimeout   50000
       srvtimeout   50000
       option forwardfor
       retries 3
       option redispatch
       option http-server-close

    frontend http *:80
       mode http
       redirect location https://www.url.com if !{ ssl_fc }

    frontend https
       # reqadd X-Forwarded-Proto:\ https
       # www Redirect
       mode http
       acl non-www hdr(host) url.com
       redirect prefix https://www.url.com if non-www

       bind *:443 ssl crt /crt/ssl.pem no-sslv3
       default_backend web
       option forwardfor
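
The name-matching rule behind the first reply, as an added example that is not part of the original thread: a wildcard entry stands for exactly one leftmost label, so `*.url.com` covers `www.url.com` but not `url.com`. The function names and the certificate name lists are constructed for illustration, and only whole-label leftmost wildcards are accepted, a simplification of RFC 6125 section 6.4.3.

```python
# Added example: which hostnames a certificate's subjectAltName dNSName
# entries cover. All SAN lists below are constructed samples.

def san_matches(pattern: str, hostname: str) -> bool:
    """True if a single SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    # Wildcards are only honoured in the leftmost label.
    if any("*" in label for label in p_labels[1:]):
        return False
    if p_labels[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in p_labels[0]:
        return False  # partial wildcards ("w*.url.com") are rejected here
    return p_labels == h_labels


def cert_covers(sans, hostname: str) -> bool:
    """True if any SAN entry of the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def uncovered(sans, hostnames):
    """Hostnames a client would get a name-mismatch error for."""
    return [h for h in hostnames if not cert_covers(sans, h)]


# Names a visitor may type, taken from the config in the thread.
SERVED = ["url.com", "www.url.com"]

# Constructed SAN lists for four possible certificates.
CERTS = {
    "www only": ["www.url.com"],
    "wildcard only": ["*.url.com"],
    "wildcard + apex": ["*.url.com", "url.com"],
    "apex + www": ["url.com", "www.url.com"],
}

if __name__ == "__main__":
    for label, sans in CERTS.items():
        missing = uncovered(sans, SERVED)
        print(f"{label:16} -> " + ("covers both" if not missing else f"mismatch for {missing}"))
```

Only the last two name lists let the HTTPS frontend complete the handshake for `url.com`, which has to happen before the `redirect prefix` rule can run.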



