Forum Discussion

TJ_Vreugdenhil's avatar
TJ_Vreugdenhil
Icon for Cirrus rankCirrus
Nov 08, 2010

irule to redirect in HTTPS to avoid bad certificate warning

We have a wild card certificate:

 

*.yyy.edu

 

Some of our sites have two FQDN:

 

x.yyy.edu

 

www.x.yyy.edu

 

 

 

Is it possible to redirect www.x.yyy.edu to x.yyy.edu before the ssl certificate handshake by using a wild card certificate?

 

 

The problem we are running into, someone enters:

 

www.x.yyy.edu, the cert doesn't match our wildcard certificate and it throws an error in the web browser. We would like to redirect them to x.yyy.edu so the certificate works.

 

 

Would following SOL6823 address this problem (without creating an iRule)? If an iRule is needed, what would it look like?

 

 

Thanks,

 

 

-Tj

 

application delivery
dev
devops
iRules
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Nov 08, 2010
    Unfortunately, the SSL exchange has to happen before you can see clear text to trigger the redirect. You either need to use a different host name like "wwwx.yyy.edu" so your *.yyy.edu cert is usable, or you need to create a Virtual Server for www.x.yyy.edu using a *.x.yyy.edu or www.x.yyy.edu cert.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 09, 2010
    Chris is exactly correct on this. Another possible option would be to get a UCC cert which is valid for specific hostnames that all resolve to the same IP. I believe you could get a single cert valid for x.yyy.edu and www.x.yyy.edu. I don't know whether you can get a combination UCC and wildcard cert though.

     

     

    Aaron