Ahh, thank you -Bhaskar
On Tue, Oct 29, 2013 at 10:56 AM, David Coulson <da...@davidcoulson.net>wrote: > A wildcard cert is helpful for some things, but domain.com will not > validate against a cert issued for *.domain.com > > > On 10/29/13, 10:52 AM, Bhaskar Maddala wrote: > > If it is any help you can get a certificate for *. domain.com > On Oct 28, 2013 9:37 PM, "Felix" <fe...@ferchland.org> wrote: > >> Hello, >> >> I am using haproxy to loadbalance my webapplication but I get into a >> problem >> with our ssl certificate. >> haproxy is also serving the ssl certificate to the clients. this works >> quite >> well. we only have certificate for www as subdomain, so all traffic >> hitting >> haproxy should be redirected to https://www. >> if the visitor comes from non ssl the domain can be rewritten without a >> problem, but if the visitor types the domain with ssl but without >> subdomain, >> the url can't be rewritten before the (in this case invalid) ssl >> certificate >> was served by haproxy. >> is there a way to redirect an ssl request before serving the certificate? >> >> global >> maxconn 4096 >> daemon >> log 128.0.0.1 local0 >> >> defaults >> log global >> mode http >> contimeout 5000 >> clitimeout 50000 >> srvtimeout 50000 >> option forwardfor >> retries 3 >> option redispatch >> option http-server-close >> >> frontend http *:80 >> mode http >> redirect location https://www.url.com if !{ ssl_fc } >> >> frontend https >> # reqadd X-Forwarded-Proto:\ https >> # www Redirect >> mode http >> acl non-www hdr(host) url.com >> redirect prefix https://www.url.com if non-www >> >> bind *:443 ssl crt /crt/ssl.pem no-sslv3 >> default_backend web >> option forwardfor >> >> >> >> >
