0

I have a website with an SSL cert. Let's say it's called example.com , I have a rewrite rule set to redirect any request to http://example.com to go to https://example.com/ this works great.

But, every now and then I get someone who types https://www.example.com/ and they get an SSL certificate mismatch. As the cert is only for example.com.

What's the best way to do the re-direct first, before the server throws the ssl certificate to the web browser?

Improve this question

2 Answers 2

Reset to default
3

There is no way to do the redirect first, as the SSL connection must be in place before the HTTP connection (which contains any redirect) can occur.

Some certificate authorities will include www.example.com as a Subject Alternate Name on a certificate for example.com at no extra charge - that's probably the easiest solution; any other solution (SNI, a second IP for www) involves buying a second certificate anyway.

Improve this answer
3
  • +1, but usually it's when you order for www.domain.tld they throw in domain.tld for free :) Commented Jan 27, 2012 at 22:31
  • @fbh Good point - current provider might even do it if the names are flipped around. Commented Jan 27, 2012 at 22:33
  • makes sense, i was hoping i could undo that. i'll just order the right certs. Commented Jan 30, 2012 at 5:07
1

The server is not the one throwing the exception. It's the browser that is throwing the exception. You need to get a cert that covers www.example.com or a wildcard cert to cover this case.

What is happening is the client is requesting https://www.example.com and since nginx is returning with the cert for example.com it's throwing the error. The client is going to throw the cert mismatch error before any redirects you do at the server side.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.