[users@httpd] redirect https to http

[Jobst Schmalenbach <jo...@barrett.com.au>]

Hi.

I have a problem that one of my domains is listed on google as https
and I do not have a valid certificate and neither do I need to 
have one.

I have sent an email to technical support at google and they have
come back to me with a couple of suggestions and told me too that
they had a look at my site "and I am doing the right things".

The server in question hosts a few domains (all virtual hosts)
and has three domains running that have valid security certificates
which are virtual hosts too. All the virtual hosts work correctly
and in all cases the domain.com.au redirects correctly to
www.domain.com.au. The three virtual certificate domain all work 
corretly as well.

The problem I have is when ANY of the domains that do NOT have
a valid https certificate go to the main server and off course read
the incorrect certificate.

Is there a way of telling apache NOT to go down the https path 
but immediately redirect the request to http without requiring
to return the security certificate to the browser and telling
the browser there is no such thing?

I know I can do this:

  RewriteCond %{SERVER_PORT} 443
  RewriteRule ^(.*)$ http://%{HTTP_HOST} [R=301,L]

but that still leads to asking the user that the certificate
is incorrect as it is trying to read the main server's certificate.

I have tried to setup a _default_ virtual host, and within that
virtual host I turn off SSL but I still get these problems.

Is there any way I can get around this?


thanks
Jobst





-- 
Avon: I'm not expendable, I'm not stupid, and I'm not going.

  | |0| |   Jobst Schmalenbach, jobst@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirect https to http

[Jobst Schmalenbach <jo...@barrett.com.au>]

Frank,

thanks. I looked at the compatibility and that does not look too good as
we have loads of people using IE7 and XP, not sure ... it looks good, though.

Our company uses Firefox 3.68 so thats not the problem but I have
online questionnaires that rely on the https stuff, and lots of our
clientele use IE7 (and many use IE6) :-(

Jobst

On Mon, May 30, 2011 at 10:38:05PM -0400, Frank Gingras (francois.gingras@gmail.com) wrote:
> On 30/05/2011 7:32 PM, Jobst Schmalenbach wrote:
> >Hi.
> >
> >I have a problem that one of my domains is listed on google as https
> >and I do not have a valid certificate and neither do I need to
> >have one.
> >
> >I have sent an email to technical support at google and they have
> >come back to me with a couple of suggestions and told me too that
> >they had a look at my site "and I am doing the right things".
> >
> >The server in question hosts a few domains (all virtual hosts)
> >and has three domains running that have valid security certificates
> >which are virtual hosts too. All the virtual hosts work correctly
> >and in all cases the domain.com.au redirects correctly to
> >www.domain.com.au. The three virtual certificate domain all work
> >corretly as well.
> >
> >The problem I have is when ANY of the domains that do NOT have
> >a valid https certificate go to the main server and off course read
> >the incorrect certificate.
> >
> >Is there a way of telling apache NOT to go down the https path
> >but immediately redirect the request to http without requiring
> >to return the security certificate to the browser and telling
> >the browser there is no such thing?
> >
> >I know I can do this:
> >
> >   RewriteCond %{SERVER_PORT} 443
> >   RewriteRule ^(.*)$ http://%{HTTP_HOST} [R=301,L]
> >
> >but that still leads to asking the user that the certificate
> >is incorrect as it is trying to read the main server's certificate.
> >
> >I have tried to setup a _default_ virtual host, and within that
> >virtual host I turn off SSL but I still get these problems.
> >
> >Is there any way I can get around this?
> >
> >
> >thanks
> >Jobst
> >
> >
> >
> >
> >
> 
> Jobst,
> 
> Configure the server to use SNI, and you can define a vhost for each
> hostname, and avoid the certificate mismatch.
> 
> As for requests like https://1.1.1.1/, you'll need a vhost with that IP as the CN, as well.
> 
> Frank
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

-- 
#include <signature.h>

  | |0| |   Jobst Schmalenbach, jobst@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirect https to http

[Frank Gingras <fr...@gmail.com>]

On 30/05/2011 7:32 PM, Jobst Schmalenbach wrote:
> Hi.
>
> I have a problem that one of my domains is listed on google as https
> and I do not have a valid certificate and neither do I need to
> have one.
>
> I have sent an email to technical support at google and they have
> come back to me with a couple of suggestions and told me too that
> they had a look at my site "and I am doing the right things".
>
> The server in question hosts a few domains (all virtual hosts)
> and has three domains running that have valid security certificates
> which are virtual hosts too. All the virtual hosts work correctly
> and in all cases the domain.com.au redirects correctly to
> www.domain.com.au. The three virtual certificate domain all work
> corretly as well.
>
> The problem I have is when ANY of the domains that do NOT have
> a valid https certificate go to the main server and off course read
> the incorrect certificate.
>
> Is there a way of telling apache NOT to go down the https path
> but immediately redirect the request to http without requiring
> to return the security certificate to the browser and telling
> the browser there is no such thing?
>
> I know I can do this:
>
>    RewriteCond %{SERVER_PORT} 443
>    RewriteRule ^(.*)$ http://%{HTTP_HOST} [R=301,L]
>
> but that still leads to asking the user that the certificate
> is incorrect as it is trying to read the main server's certificate.
>
> I have tried to setup a _default_ virtual host, and within that
> virtual host I turn off SSL but I still get these problems.
>
> Is there any way I can get around this?
>
>
> thanks
> Jobst
>
>
>
>
>

Jobst,

Configure the server to use SNI, and you can define a vhost for each hostname, and avoid the 
certificate mismatch.

As for requests like https://1.1.1.1/, you'll need a vhost with that IP as the CN, as well.

Frank

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org