Problem
I currently have the problem where https://domain.com does not redirect to https://www.domain.com and shows an untrusted SSL certificate.
This is related to "redirect to 'www' before force_ssl", which is a Ruby on Rails solution.
Question
Is there a way to redirect to the www domain before the SSL requirement kicks in?
I am using PHP.
HTTPS is HTTP over TLS/SSL (see RFC 2818), which first establishes the SSL/TLS connection before any HTTP traffic is sent. Any redirection (via mod_rewrite, custom PHP code or other) will always apply after the SSL/TLS connection is established. Not doing so would actually be a security issue, since an attacker could rewrite and redirect the client before the certificate has been verified.
If you want to redirect from https://domain.com to https://www.domain.com, the certificate obtained for https://domain.com must be valid for domain.com (and then, the certificate obtained for https://www.domain.com must be valid for www.domain.com). (You could use two different certificates with Server Name Indication if the two hosts are served on the same IP address, but this is rather convoluted.)
The easiest would be to obtain a certificate that’s valid for both domain.com and www.domain.com. This can be done using a single certificate with multiple Subject Alternative Name entries. Most CAs should be able to issue such certificates. Some do it without additional fee.
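
An added example (not part of the original answer): a simplified, RFC 6125-style check of which hosts a certificate's DNS Subject Alternative Name entries cover, showing why the redirect source and target must both be listed. The function names and SAN lists are constructed for illustration; real clients apply further rules (partial wildcards, IP addresses, IDNs).

```python
def san_matches(hostname: str, san: str) -> bool:
    """Return True if a single dNSName SAN entry covers hostname."""
    host_labels = hostname.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(host_labels) != len(san_labels):
        return False
    # Everything to the right of the left-most label must match literally.
    if san_labels[1:] != host_labels[1:]:
        return False
    if san_labels[0] == "*":
        # Refuse overly broad entries such as "*.com".
        return len(san_labels) >= 3
    return san_labels[0] == host_labels[0]


def cert_covers(hostname: str, san_list: list[str]) -> bool:
    """True if any SAN entry in the certificate covers hostname."""
    return any(san_matches(hostname, san) for san in san_list)


def redirect_check(source: str, target: str, san_list: list[str]) -> dict:
    """The TLS handshake with the source host completes before the redirect
    is sent, so the certificate must cover the source as well as the target."""
    return {host: cert_covers(host, san_list) for host in (source, target)}


# Constructed SAN lists for the hosts named in the question.
WWW_ONLY = ["www.domain.com"]
WILDCARD = ["*.domain.com"]            # does not cover the bare domain
BOTH = ["domain.com", "www.domain.com"]

if __name__ == "__main__":
    for label, sans in (("www only", WWW_ONLY),
                        ("wildcard", WILDCARD),
                        ("both names", BOTH)):
        print(label, redirect_check("domain.com", "www.domain.com", sans))
```

Only the SAN list containing both names lets a browser accept https://domain.com long enough to receive the redirect; the wildcard entry covers www.domain.com but not the bare domain.com.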