1

I have an Apache CentOS (latest) site with subdomains. I want normal users using http and, when using the shopping cart, to use https. I use non-www, so I want to redirect all www to the non-www URL as below. Now the problem I'm having is the https SSL URL: I have a single SSL cert (not a wildcard), so I need all www to redirect to the non-www, but I get the page "This Connection is Untrusted", forcing users to accept this cert or exit. After you accept it, it will do the redirect, but not before. How can I fix this so they do not get that page?

```apache
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
```
user83395
  • Obligatory pointer to the [mod_rewrite answer to end all mod_rewrite questions](http://serverfault.com/questions/214512/everything-you-ever-wanted-to-know-about-mod-rewrite-rules-but-were-afraid-to-ask). – Handyman5 Sep 15 '11 at 06:35

2 Answers

4

If I understand you correctly:

http://yourdomain.com -> no redirect
http://www.yourdomain.com -> redirects to http://yourdomain.com
https://yourdomain.com -> no redirect, works fine
https://www.yourdomain.com -> Untrusted warning, then redirects to https://yourdomain.com

Assuming I have understood you correctly, this is the nature of SSL. If anyone tries to connect to your server using the "yourdomain.com" certificate at any hostname other than "yourdomain.com" you will get this error. So there is no way for someone to connect to https://www.yourdomain.com and not receive an error (unless you register a key for that... which is not what you wanted to do).

More or less "working as intended" in this case. People who go to the wrong URL will get whined at until they go to the correct one.

Neil Neely
  • My point was that I want it to redirect to the correct page; it seems that the rewrite rule will only take effect after you accept the untrusted cert, which most people will not, understandably. So the question is how can I fix this without having to purchase two certs, one for www and one for non-www, or a SANS cert, which costs much more. – user83395 Jun 02 '11 at 22:27
  • You'll have to get two certs -- one each for www and non-www domains -- if you want to avoid the browser pop-up. As explained above, this is working as designed. Have a look at this and the next FAQ from Apache on some of the workings of SSL: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts – KM. Jun 03 '11 at 01:30
0

If you just need to support both your non-www and www domain names you can do that with one cert. Redirecting with htaccess won't work, you'll still get the "untrusted" error. Here's one that does https://www.domain.com/ and https://domain.com/ without having to buy 2 separate ones

jakers
  • Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Scott Pack Nov 21 '12 at 00:56
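An added example, not part of any post above: a small Python check of which hostnames pass the client's certificate name check and therefore ever reach the rewrite rules. The hostnames and SAN lists are constructed, and the matcher is a simplified RFC 6125-style comparison (wildcard only as the whole leftmost label).

```python
# Added illustration (not from the thread). The TLS handshake, including the
# certificate name check, completes before any HTTP request is sent, so a
# mod_rewrite redirect can only run for hostnames the certificate covers.

def name_matches(pattern: str, host: str) -> bool:
    """Simplified RFC 6125-style match of one SAN dNSName against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # '*' stands for exactly one label and needs two fixed labels after it
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(san_dns_names, host: str) -> bool:
    return any(name_matches(name, host) for name in san_dns_names)

def handshake_outcome(san_dns_names, host: str, canonical: str) -> str:
    """What a client sees for https://<host>/ with the given certificate."""
    if not cert_covers(san_dns_names, host):
        return "warning"  # name mismatch: no HTTP request yet, so no redirect
    return "ok" if host == canonical else "redirect"

def audit(san_dns_names, canonical: str) -> dict:
    hosts = [canonical, "www." + canonical]
    return {h: handshake_outcome(san_dns_names, h, canonical) for h in hosts}

# Constructed SAN lists for the three certificate types discussed in the thread.
SINGLE_NAME = ["yourdomain.com"]                      # the asker's current cert
TWO_NAMES = ["yourdomain.com", "www.yourdomain.com"]  # one cert, both names
WILDCARD = ["*.yourdomain.com"]                       # does not cover the bare domain

if __name__ == "__main__":
    for label, sans in [("single", SINGLE_NAME), ("two names", TWO_NAMES),
                        ("wildcard", WILDCARD)]:
        print(label, audit(sans, "yourdomain.com"))
```

To audit a live site, the SAN list can be read from the served certificate with `openssl x509 -noout -text` and passed to `audit`.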