Forum Discussion

Nimbostratus

Apr 17, 2008

Self-signed certificate in a Redirect

I have a virtual server setup to receive SSL traffic. The virtual server has a CLIENTSSL profile on it, with a self-signed SSL certificate. The virtual servers only purpose is to do a redirect. So...

config

design

hoolio

Cirrostratus

Apr 17, 2008

If the browser is configured to generate an alert when the requested hostname doesn't match the subject of the SSL certificate a site presents, then I could see that it would work in IE. However, with default settings in IE, you should see the mismatched certificate warning. By design of SSL certificates there isn't a way to configure a web server to prevent the client from 'seeing' that the cert isn't valid. You'd need to get a certificate which is valid for the host name that the client requests, or change the browser settings for each client.

I'm not sure if it's feasible for you to do, but if you could have the clients make the first request to http://urlname.com (instead of https://urlname.com), you could avoid the cert mismatch issue.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)