Do the users actually connect to "https://xxx.com" ? Or do they go just to "xxx.com" in their browser and then a load-balancer/SSL-accellerator somewhere along the way bumps them to https?
If something was bumping them to https then it would be easiest to just change that 'bumping' to go from "http://xxx.com" to "https://www.xxx.com", which ofcourse any webserver could do (with a default document with a meta-refresh), but most content-source-switches or local-traffic-managers/loadbalancers could do right in the config (i.e. they respond to the GET / with a HTTP 302 go-over-here, etc), i.e. actually function as a limited in-line web-server. Good luck... On Thu, Apr 17, 2014 at 1:46 PM, Yehuda Katz <yeh...@ymkatz.net> wrote: > On Thu, Apr 17, 2014 at 3:12 PM, Mark London <m...@psfc.mit.edu> wrote: > >> So I've been trying to find a configuration that redirects >> HTTPS://XXX.COM to HTTPS://WWW.XXX.COM. Unfortunately, every >> configuration that I've tried, doesn't work. All of the rewrite and >> redirect rules, are applied after the browser checks the certificate >> against the URL. Thus, the warning web page always appears. >> > > This is the expected behavior and other than issuing a new certificate and > using another vhost (with SNI - generally not compatible with Windows XP > and some other devices) or reissuing the same certificate with an > additional name, there is no way around this. > > - Y >