Question

Apache 2.2. I have a wildcard SSL certificate for *.mydomain.com. I want to allow secure connections directly at mydomain.com as well. I have found a solution in which I make the address for my site www.mydomain.com only, and indeed, the certificate is working when I enter www.mydomain.com. Working configuration:

<VirtualHost *:443>
    ServerName www.mydomain.com

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/cert.der
    SSLCertificateKeyFile /etc/apache2/key.pem

    # site config, redirects to Apache Tomcat
</VirtualHost>

<VirtualHost *:443>
    ServerName mydomain.com
    Redirect permanent / https://www.mydomain.com

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/cert.der
    SSLCertificateKeyFile /etc/apache2/key.pem
</VirtualHost>

<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    Redirect permanent / https://www.mydomain.com
</VirtualHost>

When I enter http://mydomain.com or http://www.mydomain.com, I am redirected to https://www.mydomain.com as expected.

However, when I enter https://mydomain.com, the browser says that the certificate is invalid (the padlock is red). I have to confirm that I know and trust the certificate (in Chrome it is called "add a security exception"), and after that I am properly redirected to https://www.mydomain.com, and the padlock is green.

The question is: how do I redirect https://mydomain.com to https://www.mydomain.com without bothering the user about an invalid certificate?

I tried to remove the SSL* entries from the second VirtualHost definition, but then Apache does not start and the following message is in the logs:

[error] Server should be SSL-aware but has no certificate configured 
[Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/mydomain:1)

Solution

The SSL connection, including the certificate verification, will be completed before any HTTP messages are exchanged. Thus an HTTP redirect from mydomain.com to www.mydomain.com can only be done after successful verification of the certificate. Therefore no fiddling with the server will help, and your only choice is to get a certificate which does include mydomain.com.
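The following is an added example (not part of the question or the answer) showing why the wildcard certificate is rejected for the bare domain: a browser matches the hostname against the certificate's SAN dNSName entries, and a wildcard stands in for exactly one left-most label, so *.mydomain.com never covers mydomain.com. The function names and the SAN lists below are constructed for the illustration; run it against the ServerName values from your own VirtualHosts to see which ones a given certificate would fail on.

```python
# Hostname-vs-certificate matching as browsers do it (RFC 6125 rules).
# Example code for this page; function names and sample data are assumptions.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName entry against a hostname.

    A wildcard is only honoured as the entire left-most label and matches
    exactly one label, so '*.mydomain.com' covers 'www.mydomain.com' but
    neither 'mydomain.com' (bare domain) nor 'a.b.mydomain.com'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" in hostname:                      # a real hostname never has one
        return False
    if "*" not in pattern:                   # plain name: exact match only
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # '*' must be the whole first label, with at least two labels after it
    # (no '*.com'), and the hostname must have the same number of labels.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def covered_by(hostname: str, san_names: list[str]) -> list[str]:
    """SAN entries that would make a browser accept the cert for hostname."""
    return [name for name in san_names if wildcard_matches(name, hostname)]


def uncovered_vhosts(server_names: list[str], san_names: list[str]) -> list[str]:
    """ServerNames for which the certificate would trigger a browser warning."""
    return [h for h in server_names if not covered_by(h, san_names)]


if __name__ == "__main__":
    # Constructed sample: the two HTTPS VirtualHosts from the question.
    vhosts = ["www.mydomain.com", "mydomain.com"]
    wildcard_only = ["*.mydomain.com"]                  # the questioner's cert
    with_bare_name = ["*.mydomain.com", "mydomain.com"]  # what the answer asks for
    print("wildcard only, uncovered:", uncovered_vhosts(vhosts, wildcard_only))
    print("with bare name, uncovered:", uncovered_vhosts(vhosts, with_bare_name))
```

The first call reports mydomain.com as uncovered, which is exactly the red padlock in the question; the second reports nothing, which is the certificate the answer says you need.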

Licensed under: CC-BY-SA with attribution