Forum Discussion
vinceKahn_97184
Dec 05, 2007 (Historic F5 Account)
https cert redirect
I'm trying to solve the following invalid cert use case:
Cert's issued to "www.foo.com"
User types url "https://foo.com"
I figured out how to redirect the request to "https://www.foo.com" but I still get the cert warning (the redirect takes place after the key exchange). Is there any way to write an iRule to change the request of "foo.com" to "www.foo.com" before the key exchange takes place?
Thanks,
Vince
3 Replies
- Colin_Walker_12 (Historic F5 Account)
Unfortunately there's no way to even see the data that's going to be received before the cert exchange takes place, since it's all encrypted until we've exchanged certs and decrypted it.
Unfortunately this is one of those chicken and egg scenarios. :-/
Colin
- hoolio (Cirrostratus)
Hi,
If the client makes a request to the virtual server over HTTPS with a host header value that doesn't match the cert's CN, they'll get the browser prompt to accept the mismatched cert. There isn't anything you can do to eliminate that.
You could get a wildcard cert which is valid for *.foo.com.
Or you could try to eliminate the scenarios whereby a user would make a request to the HTTPS VIP with the wrong Host header value.
If the client is first making a request via HTTP to a VIP address, you could redirect them to the correct host via HTTPS (https://www.foo.com). They wouldn't get the cert warning then.
Aaron
- Patrick_Chang_7 (Historic F5 Account)
http://www.digicert.com/welcome/wildcard-plus.htm
Check out the link above. It is a sneaky way to expand upon the wildcard cert idea.
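The name check behind the warning discussed in this thread, as an added example that is not part of any post: a simplified matcher in the style of RFC 6125 run against three constructed certificate name sets. It also shows a case the thread does not spell out: a certificate carrying only `*.foo.com` still does not cover the bare `foo.com`, which has to be listed as an additional name. The function names and the name sets are assumptions made for illustration.

```python
# Added example: simplified hostname-to-certificate name matching.
# Certificate name sets below are constructed, not taken from a real cert.

def label_match(pattern: str, host: str) -> bool:
    """Match one name presented by a certificate against a hostname.

    Only a whole leftmost label "*" is treated as a wildcard, and it
    stands for exactly one label, so "*.foo.com" never matches "foo.com".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplified policy: require two fixed labels after the wildcard,
        # so an over-broad pattern such as "*.com" is rejected.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(names, host) -> bool:
    """True if any name on the certificate matches the requested host."""
    return any(label_match(n, host) for n in names)


CERTS = {
    "single name": ["www.foo.com"],
    "wildcard only": ["*.foo.com"],
    "wildcard plus apex name": ["*.foo.com", "foo.com"],
}
HOSTS = ["www.foo.com", "foo.com", "a.b.foo.com"]


def coverage_table():
    """Evaluate every constructed certificate against every test host."""
    return {
        label: {host: cert_covers(names, host) for host in HOSTS}
        for label, names in CERTS.items()
    }


if __name__ == "__main__":
    for label, row in coverage_table().items():
        for host, ok in row.items():
            verdict = "ok" if ok else "name mismatch warning"
            print(f"{label:24} {host:12} {verdict}")
```
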