
I have Tomcat running Jira. I have two DNS names that are attached to this site - mysite.myorg.com and mysite.myorg.net. I want mysite.myorg.com to redirect all users to mysite.myorg.net since I have my SSL certificate set up for the .net site.

My question is: which way is the easiest and most reliable to set up this redirect?

Currently I have the .com DNS record as an alias of the .net record via a CNAME entry. However, the web browser does not substitute the URL when users access the .com site, and this leads to an SSL certificate warning message.

Is it possible to set up Tomcat to detect if a site is being accessed via a certain URL and issue a 301 response to redirect to a different URL?

squillman
Corvin

1 Answer


If you are looking to get around the "Untrusted Certificate" warning, you'll have no luck: when a user browses to https://mysite.myorg.com, it won't work.

You cannot issue a 301 based on the header in an SSL connection. The SSL handshake occurs before any HTTP data is transmitted. To get this to work you will need a valid certificate for mysite.myorg.com and you will have to find a way to configure Tomcat to use the SNI extension of SSL. (I recommend offloading SSL from Tomcat at this point, but everyone is allowed to pick their own poison.)

Stack Overflow seems to have something relevant for you: https://stackoverflow.com/questions/6324901/using-multiple-ssl-certificates-in-tomcat-7

We generally use Apache httpd to offload SSL for our shared IP SSL servers. mod_proxy in httpd handles it nicely. You could also check to see if stunnel supports SNI yet.

Short answer: Either buy a valid cert for your second domain, or accept that the warning will appear.

Daniel Widrick
  • Thanks. Assuming that I don't want to mingle with specifics of SSL setup in Tomcat and I'm fine with the warning message for .com, do you know how I can set up a redirect from .com to .net in Tomcat? – Corvin Sep 20 '13 at 18:12
  • Off the top of my head: No. Especially since if you don't do anything fancy with SSL I believe you will just get thrown into the .net listener or server or servlet or whatever Tomcat is calling them these days. I almost want to guess that it would need to be done application side... I avoid Tomcat whenever possible :( sorry. – Daniel Widrick Sep 20 '13 at 18:52
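
An application-side redirect of the kind discussed in the comments can be written as a servlet filter. The following is an added example, not code from the question, the answer or Jira; the class name `CanonicalHostFilter` is hypothetical, and it assumes the `javax.servlet` API (Tomcat 9 and earlier), registration through `@WebFilter`, and HTTPS on the default port. Because the filter reads the Host header, it only runs after the TLS handshake, so a request to https://mysite.myorg.com still shows the certificate warning before the 301 is delivered.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: answers 301 for any request whose Host is not the canonical name. */
@WebFilter("/*")
public class CanonicalHostFilter implements Filter {
    // The name the certificate covers, taken from the question.
    private static final String CANONICAL_HOST = "mysite.myorg.net";

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // getServerName() is derived from the Host header, which the server
        // only sees once the TLS handshake has already completed.
        if (CANONICAL_HOST.equalsIgnoreCase(req.getServerName())) {
            chain.doFilter(rq, rs);
            return;
        }
        res.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        res.setHeader("Location", buildTarget(req.getRequestURI(), req.getQueryString()));
    }

    /** The target host is a constant, never the client-supplied Host value,
     *  so the filter cannot be turned into an open redirect. */
    static String buildTarget(String uri, String query) {
        StringBuilder sb = new StringBuilder("https://").append(CANONICAL_HOST);
        sb.append(uri == null || !uri.startsWith("/") ? "/" : uri);
        if (query != null) {
            sb.append('?').append(query);
        }
        return sb.toString();
    }
}
```

On Tomcat 10 and later the same code needs the `jakarta.servlet` package names instead.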