Re: [users@httpd] redirect https to http

Mon, 30 May 2011 19:38:31 -0700 

On 30/05/2011 7:32 PM, Jobst Schmalenbach wrote:

Hi.

I have a problem that one of my domains is listed on google as https
and I do not have a valid certificate and neither do I need to
have one.

I have sent an email to technical support at google and they have
come back to me with a couple of suggestions and told me too that
they had a look at my site "and I am doing the right things".

The server in question hosts a few domains (all virtual hosts)
and has three domains running that have valid security certificates
which are virtual hosts too. All the virtual hosts work correctly
and in all cases the domain.com.au redirects correctly to
www.domain.com.au. The three virtual certificate domain all work
corretly as well.

The problem I have is when ANY of the domains that do NOT have
a valid https certificate go to the main server and off course read
the incorrect certificate.

Is there a way of telling apache NOT to go down the https path
but immediately redirect the request to http without requiring
to return the security certificate to the browser and telling
the browser there is no such thing?

I know I can do this:

   RewriteCond %{SERVER_PORT} 443
   RewriteRule ^(.*)$ http://%{HTTP_HOST} [R=301,L]

but that still leads to asking the user that the certificate
is incorrect as it is trying to read the main server's certificate.

I have tried to setup a _default_ virtual host, and within that
virtual host I turn off SSL but I still get these problems.

Is there any way I can get around this?


thanks
Jobst







Jobst,
Configure the server to use SNI, and you can define a vhost for each hostname, and avoid the certificate mismatch. 

As for requests like https://1.1.1.1/, you'll need a vhost with that IP as the 
CN, as well.

Frank

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to