10

A client has an SSL certificate only for the www.site.com version of the domain, not site.com.

Redirecting for regular HTTP was not a problem via mod_rewrite.

However, this method seemed to fail for us for HTTPS.

We want to redirect https://site.com requests to https://www.site.com.

Can this be done without raising an invalid certificate warning in the browser, or getting a wildcard certificate?

djdy
  • 583
  • 2
  • 4
  • 15

2 Answers2

10

No, it doesn't work that way.

The SSL transaction happens before any HTTP is sent, so the SSL warning will appear before any redirect can happen.

Actually, I don't believe a wildcard would work, either, since site.com and *.site.com are not the same. You may want to consider Subject Alternative Names on the certificate.

cjc
  • 24,916
  • 3
  • 51
  • 70
  • I was afraid this was the case. Thank you for confirming it. – djdy Mar 08 '12 at 22:41
  • 1
    This answer is incorrect. See http://serverfault.com/a/367843/113375 – Ben Lessani Sep 19 '12 at 23:26
  • @BenLessani-Sonassi The linked answer does not seem to cover how you can have a redirect occur when the certificate for the original site is not recognized by the browser. – Michael Oct 05 '17 at 16:59
  • The point I was trying to make is that almost all CA's will provide a certificate that covers both the apex domain and www subdomain when purchased under the www subdomain variant. – Ben Lessani May 12 '18 at 23:51
0

RapidSSL's Basic Certificate when purchased under 

www.mydomain.com

also covers 

domain.com

Whilst not wildcard, it does give you cover for the TLD and www subdomain.

Yes, you can redirect from a subdomain to another without an SSL error - we use this on many, many sites, just one example is:

https://www.theclientarea.info which redirects to https://sms-sagat.theclientarea.info

Without error.

A simple .htaccess rewrite will take care of it for you:

RewriteEngine On
RewriteCond %{ENV:HTTPS} !On [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Any type of movement between HTTPS subdomains will work without error or prompt, be it POST/GET/.htaccess redirect

The only time it becomes an issue, is if you are redirecting from HTTPS to HTTP - then it will prompt you.

Ben Lessani
  • 5,244
  • 17
  • 37
  • Right, you're using Subject Alternative Names in the certificate. The OP is going to need a new cert. – cjc Mar 09 '12 at 00:21
  • No, we're using 2 separate certs. But I was just saying that the cheapest SSL cert on the market does what he needs (support for TLD with/without www subdomain). – Ben Lessani Mar 12 '12 at 00:01