SSL Cert - Do I need to purchase SSL for a Domain

Quick dumb question but want to make sure. I need to redirect www.example.com to www.example1.com. www.example1.com is already secured with a SSL cert. Do i need to purchase a SSL cert for www.example.com? I am assuming 'No' because the redirect is landing on a page that is aready secured.

Please advise.

Thanks, Alpha

回答1:

If you want to redirect from https://www.example.com to https://www.example1.com you need a certificate for www.example.com too. The redirect will be done with HTTP, but https encapsulates HTTP inside SSL. So it first needs to establish the SSL connection which includes verifying the certificate, before it can get to the HTTP layer with the redirect.

回答2:

The ability to issue an HTTP-level redirect is independent of whether the original or destination sites are protected by HTTPS (SSL/TLS) and a corresponding certificate. Redirects may be issued in any combination, specifically all of these are allowed:

FROM                      TO
http://www.example.com    http://www.other.example
http://www.example.com    https://www.other.example
https://www.example.com   http://www.other.example
https://www.example.com   https://www.other.example

Before any of these HTTP redirects to take place, the client must be able to establish a valid HTTP request with the "FROM" server. If www.example.com is an Internet-accessible site intended to be used by anyone, and it uses HTTPS, then it must use a certificate; preferably, one signed by a recognized CA (Certificate Authority). However, this concern is not specific to the topic of redirects; it would apply to any request to that server and should be treated as a separate concern.

The answer to my interpretation of the OP's question is: No, the source of a redirect does not need to be secured with SSL/TLS merely in order to issue a redirect to a protected site. (Case 2 in my table above.)

There may be other reasons why the originating server should use HTTPS, but it is not a requirement merely for the ability to redirect. Note that in some cases (e.g. case 3) a browser may warn the user if redirecting to an insecure page from an HTTPS context.