Aug 16, 2011
tom

Apache rewrite rules and DNS settings for HTTPS sites

Question

For a web application located at:

https://www.domain.com/

With an SSL certificate issued to “www.domain.com”,

What is are the proper rewrite rules, DNS settings, or combination of both which makes each of the below urls redirect seemlessly to https://www.domain.com/:

 1. http://www.domain.com
 2. http://domain.com
 3. https://domain.com

The difficulty is really with #3. https://domain.com tends to cause browser security messages. How do the major HTTPS sites do this? Take Paypal.com, for instance.

Answer

As some more assistance for item 3, and maybe 2 as well, how about using Server Name Indication to use two certs on the same host. (ie: www.domain.com and domain.com) Apache’s Wiki has some info on the specifics.

–Christopher Karel

Related posts:

  1. Apache rewrite rules behind a nginx proxy
  2. Apache module “mod_jk”. Setup rewrite condition for using https for specific url/context
  3. domain not getting resolved without www. Despite appropriate apache settings and DNS records
  4. Why do some rewrite rules fail while AJP is serving all of my requests to Tomcat?
  5. Apache server rewrite rules: how to avoid “implicitly forcing redirect (rc=302)”?

Leave a comment