Redirect All SSL Requests to One Domain - redirect

Recently, the company I work for changed their name, and therefore is changing its domain name. Previously, we redirected all requests on port 80 of our web server to https://www.olddomain.com, so that all pages were sent over SSL. Now that we have changed, our SSL certificate for www.olddomain.com has expired, and we want to redirect all requests for https://www.olddomain.com to https://www.newdomain.com (in case anyone bookmarked us as https://.....).
I have tried every redirection method I know (mod_rewrite, DNS forwarding, etc.), but I cannot get https://www.olddomain.com to redirect to https://www.newdomain.com; it says that the site is untrusted.
We are running Apache 2.2 on Linux.
Any help would be appreciated.
Thanks!

Not to dive into unnecessary details: if the certificate itself has expired, you won't be able to make a trusted connection with it; the browser will always warn. To make it transparent, you'd have to renew/buy a valid certificate for the old domain, or force any possible website user to first download, install and trust your own root CA certificate (obviously impossible). Theoretically there are some browser-supported HTTPS protocol extensions to deal with the original construction of HTTPS, but even if they were implemented they still won't "help" with an outdated certificate. It is a problem with the certificate itself, not really with virtual server hostname / certificate common name recognition and matching, for which such protocol extensions are conceptually planned/designed.
You should have performed the domain migration while the old certificate was still valid. Have a look at "CNAME SSL certificates" as well.

Related

Using localhost for Secure Canvas URL on Facebook App

I need to develop a Facebook app, and while I request my SSL certificate, I need to start the project because I have little time to deliver it.
Is it possible to use localhost as the "Secure Canvas URL"? This field requires that the URL begins with https, so I don't know the correct way to do it (in the case that using localhost is allowed).
First of all you need to set up your server to answer HTTPS requests.
Then you create a self-signed SSL certificate – not sure if that works for the domain name localhost, but I’d recommend setting up a local domain, such as mytest.local, anyway (the .local being the important part here), make your server listen to that, and have your system resolve it to your local IP address, e.g. via its hosts file.
And then you tell your browser to accept that self-signed certificate … and you’re good to go.

Redirect with lighttpd

I'm trying to do this:
https://dummiesite.com --> http://dummiesite.com
and
http://dummiesite.com --> http://new.dummiesite.com
and
http://new.dummiesite.com --> https://new.dummiesite.com
So no matter what site the user goes to, it will always be redirected to https://new.dummiesite.com
The problem:
I have a wildcard certificate for *.site.com. But it is only valid for all the subdomains of site.com, not for site.com itself. With lighttpd I cannot use more than one certificate per IP (I have only one), so when the user goes to https://dummiesite.com, it gets an error because the certificate is not valid.
That is why I'm trying to redirect https://dummiesite.com to http://dummiesite.com. How can I do it without a valid certificate and without showing the user errors?
Thanks for your help
You can't with the current certificate. HTTPS is HTTP inside an SSL tunnel, so before you can do the redirect at the HTTP level the SSL connection has to be established. But this fails because your certificate does not match the hostname. You need to get a certificate which includes both *.dummiesite.com and dummiesite.com (yes, this is possible).

SSL Certificates and Redirection

If a website is being redirected, does the original domain name need to have an SSL certificate, or the redirected domain name or both?
Both, because the redirection is an HTTP-level thing which happens inside the SSL envelope. The client needs to establish an SSL connection to the original host name before it sees the redirect, then after following the redirect it must establish another SSL connection to the target host name.
If you're redirecting between the www and non-www forms of the same domain, it's often the case that one certificate will cover both (using the "subject alternative name" mechanism). For example, I have a site with a certificate from RapidSSL, and when you ask them for a certificate securing www.example.com they automatically issue it with a SAN for the plain example.com form included. I have a single Apache HTTPD with two name-based virtual host definitions on the same IP address pointing to the same certificate.

Redirecting https://server.com to https://www.server.com in apache

I am trying to write a redirect in apache for URL of pattern:
https://server.com to https://www.server.com
without much success
Reason for redirect: My SSL certificate is on www.server.com, so I want the users to go on the correct site (and see secure icon).
Problem: The problem is that when I try to open https://server.com the browser gives me incorrect certificate error and none of my RewriteRule gets executed till I ignore the incorrect certificate problem.
How do I redirect in this case?
You can't do this with one certificate. The reason is that the web server needs to do the ssl handshake before it does the redirect, so you'll always have the problem with invalid certificate.
You really have only one option to do this: cover both www and non-www with a certificate and redirect. This can be done several ways: either get a certificate with multiple domain names, called a SAN certificate, or get two certificates, one for www and one without. However, in the second case, you would need two web servers with different IPs to accomplish your task.
An alternate approach, one that I use myself, is not to worry about it. Instruct users to go to the regular http website and do the redirection yourself when an SSL connection is needed. This is what amazon.com does actually. They want you to browse http and they redirect you to SSL only when you buy something. Their certificate is also only valid for www; just go to https://amazon.com and you'll see their certificate is invalid without www.
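
As an added example (not part of any answer on this page), the Python sketch below models the point made in the lighttpd, "SSL Certificates and Redirection" and Apache answers: every HTTPS hop in a redirect chain must present an unexpired certificate whose names cover the requested host, and a wildcard does not cover the bare domain. The certificate data is constructed, the names `san_matches` and `first_failure` are hypothetical, and the matcher is a simplified wildcard rule, not a full certificate validator.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

def san_matches(pattern, host):
    """Simplified wildcard rule: '*' is the whole left-most label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # so '*.dummiesite.com' never covers the bare 'dummiesite.com'
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def first_failure(urls, served, now):
    """Walk a redirect chain in order; return (url, reason) for the first hop whose
    TLS handshake would be rejected, or None if every hop is acceptable.
    `served` maps requested hostname -> (SAN list, notAfter) of the cert presented."""
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue  # plain HTTP: no handshake, the redirect response is delivered
        cert = served.get(parts.hostname)
        if cert is None:
            return (url, "no certificate")
        sans, not_after = cert
        if now > not_after:
            return (url, "expired")
        if not any(san_matches(s, parts.hostname) for s in sans):
            return (url, "name mismatch")
    return None

# Constructed sample data (not real certificates).
UTC = timezone.utc
NOW = datetime(2024, 1, 1, tzinfo=UTC)
GOOD_UNTIL = datetime(2025, 1, 1, tzinfo=UTC)
WILDCARD_ONLY = (["*.dummiesite.com"], GOOD_UNTIL)
WILDCARD_PLUS_APEX = (["*.dummiesite.com", "dummiesite.com"], GOOD_UNTIL)
EXPIRED_OLD = (["www.olddomain.com"], datetime(2023, 6, 1, tzinfo=UTC))
CHAIN = ["https://dummiesite.com/", "https://new.dummiesite.com/"]

if __name__ == "__main__":
    one_cert = {"dummiesite.com": WILDCARD_ONLY, "new.dummiesite.com": WILDCARD_ONLY}
    print(first_failure(CHAIN, one_cert, NOW))                       # fails at the first hop
    print(first_failure(CHAIN, {h: WILDCARD_PLUS_APEX for h in one_cert}, NOW))
    print(first_failure(["https://www.olddomain.com/"],
                        {"www.olddomain.com": EXPIRED_OLD}, NOW))
```

The first failing hop is reported because the client never sees the redirect that would have followed it.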

One SSL certificate for each subdomain and root redirection

I am setting up a secure website with two subdomains:
https://www.domain.com
https://xxx.domain.com
I have acquired two SSL certificates, one for each of the subdomains (standard installation using nginx). I have also set up the root https://domain.com to simply redirect to https://www.domain.com.
Most of the time, this setup works fine. However, for some browsers (notably IE8 and Android), when accessing https://xxx.domain.com I get a certificate error, where the browser shows the certificate info for https://www.domain.com.
I suspect these browsers fetch the certificate from the root domain which then redirects to https://www.domain.com and hence the mismatch problem.
Can anyone advise on how to deal with this situation? Is buying a wildcard certificate the sole solution?
Thanks
If you're using the same IP address for both, then yes, some sort of multiple name cert is the only practical solution at this point. Alternatively, if you run the xxx site on a different IP address, things should be okay.
This shouldn't be an issue for just IE and Android, though. I'm not sure what's up with that.
(Hmmm ... maybe this should be on serverfault).