Forum Discussion
Mike_Devlin_108
Nimbostratus
NimbostratusStriping www from the URL
Hello,
I guess I'll start by explaining the desired result. The virtual server will be listening on port 443, and will have an SSL certificate of *.company.com. Given that a wildcard SSL cert will only terminate back one level (based on RFC2818), I need to be able to re-write or re-direct the following:
https://www.customer1.company.com to https://customer1.company.com before SSL termination takes place. The idea is that the customer will not be presented with the SSL mismatch error.
So now, i ask, can i do that? and if so, how?
I was thinking something like, but i don't know if it will work, or the correct syntax:
when HTTP_REQUEST {
if {[HTTP::host] starts_with "www."} {
variable = everything_after_www.
redirect to "https://variable[HTTP::uri]"
}
}
Thanks in advance.
- JRahm
Admin
I'm not sure if IE still behaves this way, but last I heard is it expects the asterisk in the leading position, so you'll still get a warning for www.customer1.company.com for a *.company.com wildcard cert. My understanding is firefox will do this just fine.
BTW, ssl termination has to take place before the host is evaluated. 
Mike_Devlin_108Newest version of Firefox was apparently brought up to comply with the RFC.
Thanks anyways.
hoolioCirrostratus
You could change DNS records so that the other FQDN's resolve to separate addresses and then install valid certs on VIPs on those IP's. Maybe it's not as consolidated a solution as doing everything on one VIP, but it eliminates the mismatched cert warnings.
Aaron
