Apache HTTPS redirection certificate error

We have two domains (gis4business.co.uk and gis4business.com) that point to the same website hosted using apache. We are using SSL for the entire site and have a wildcard SSL certificate for *.gis4business.co.uk.

The default apache conf file (000-default.conf) has a single virtual host configured to redirect from http to https as follows:

<VirtualHost *:80>
   ...
   Redirect permanent "/" "https://www.gis4business.co.uk/"
</VirtualHost>

Then we have a default SSL config file (default-ssl.conf) that has single a virtual host configured as follows:

<VirtualHost _default_:443>
    ServerName gis4business.co.uk
    ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
    ...
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatekey.key
    SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
</VirtualHost>

This configuration is working as expected for the following urls:

However, the url https://www.gis4business.com results in a certificate warning (SSL_ERROR_BAD_CERT_DOMAIN in firefox and ERR_CERT_COMMON_NAME_INVALID in chrome).

Its obviously complaining about the SSL certificate not matching the domain (gis4business.com), so I assume we need an HTTPS redirect from gis4business.com to gis4business.co.uk. We have experimented with various configurations and haven't managed to get a redirect working.

We have tried:

1) Adding another virtual host (*:443) to the top of the 000-default.conf file as follows:

<VirtualHost *:443> 
    ServerName gis4business.co.uk
    ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
    Redirect permanent "/" "https://www.gis4business.co.uk/"
    ...
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatekey.key
    SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt 
</VirtualHost>

2) Adding another virtual host (default:443) to the top of the default-ssl.conf file as follows:

<VirtualHost _default_:443>
    ServerName gis4business.co.uk
    ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
    Redirect permanent "/" "https://www.gis4business.co.uk/"
    ...
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatekey.key
    SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
</VirtualHost>

If redirection of https from one domain to another is possible without certificate errors, then what is the correct configuration to make it work?

标签： apache ssl redirect https certificate

1条回答

叛逆

2楼-- · 2019-08-02 18:19

Let's see how the redirect directive works

The Redirect directive maps an old URL into a new one by asking the client to refetch the resource at the new location.

The first request is processed by apache generating a 30x response to automatically redirect browser to the new URL

           browser                       SERVER             SSL  cert
https://www.gis4business.com       -->  redirect     *.gis4business.co.uk
           302-redirect            <-- 
https://www.gis4business.co.uk/    -->  process      *.gis4business.co.uk

The first request is served from https://www.gis4business.com using a certificate issued to *.gis4business.co.uk, so it is considered invalid consequently

To fix it you need to use a certificate issued to www.gis4business.com or *.gis4business.com. Define a new virtual host or request a new certificate with both hostnames.

0人赞添加讨论(0) 举报

Apache HTTPS redirection certificate error

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间