[Techtalk] https-ssl cert-mod_rewrite advice

Bonnie King b at bonnielking.com
Mon Aug 26 20:51:57 UTC 2013 

If I'm understanding your problem correctly, you want to avoid warnings
when a user types https://www.sitename.com.

The SSL connection is established before the rewrite to ditch the www can
happen, so the only way to do this is to also buy certs for www.sitename.com.
A wildcard cert will work, but one wildcard cert is much more expensive
than two "regular" ones.


On Mon, Aug 26, 2013 at 3:28 PM, Cynthia Kiser <cnk at ugcs.caltech.edu> wrote:

> Either seem fine to me. If you already have rewrite rules for SEO,
> then it isn't that much more work to have them work for the https
> protocol too - expecially since you already have a UCC (aka SAN) cert
>
> But the next time you need to have it reissued you can also add the
> www versions of your names. That will hold you until you have 49 names
> you need X and www.X pairs for.
>
>
> Quoting Carla Schroder <carla at bratgrrl.com>:
> > Hello good Techtalkers!
> >
> > I have a bit of a conundrum that surely you awesome peeps can help
> > with. My work sites, to keep the overbearing Googles happy, redirect all
> > http://www.sitename to http://sitename.
> >
> > There are two things I want to accomplish: have SSL available for
> >  pages that need it, and when site visitors accidentally use an https://
> >  link, to shut up the stupid paranoid browsers that freak out when SSL
> >  certs are not exactly perfect and emit scary warnings.
> >
> > What's the best approach to do this? Get SSL certs for all domains and
> > not worry about new mod_rewrite rules? We already have a UCC SSL cert
> > for our five http://sitename domains.
> >
> > thanks!
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Carla Schroder
> > Linux nerd and author of
> > Book of Audacity, Linux
> > Cookbook, Linux Networking
> > Cookbook
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > _______________________________________________
> > Techtalk mailing list
> > Techtalk at linuxchix.org
> > http://mailman.linuxchix.org/mailman/listinfo/techtalk
>
> --
> Cynthia N. Kiser
> cnk at ugcs.caltech.edu
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
>



-- 
Bonnie King

More information about the Techtalk mailing list