Forum Discussion

kalav's avatar
kalav
Icon for Nimbostratus rankNimbostratus
Nov 16, 2020
Solved

HTTP redirect working but HTTPS not working

Hi,

 

Another "new to iRules" question. Any assistance would be gratefully received.

 

I have two virtual servers configured to serve a small set of URLs. One listening on http with an iRule handling redirects to https, and one listening on https. I have a certificate issued to site.com with SAN DNS Name of site.com & www.site.com.

 

I can reach the URL if I type in site.dk. I am redirected to https://site.com. if I try https://site.dk I get a certificate error. I can OK the error in the browser and am served the correct page, but the certificate error stays (valid certificate for site.com) and so does the address https://site.dk.

 

Same for site2.com.

 

The iRule I have configured is only on my http virtual server, as follows:

 

when HTTP_REQUEST {

 if { [HTTP::host] equals "www.site.dk" or [HTTP::host] equals "site.dk"} {

  HTTP::respond 301 Location "https://site.com[HTTP::uri]" }

 elseif { [HTTP::host] equals "www.site2.com" or [HTTP::host] equals "site2.com"} {

  HTTP::respond 301 Location "https://site.com[HTTP::uri]" }

 elseif { [HTTP::host] equals "www.site.com" or [HTTP::host] equals "site.com"} {   

  HTTP::respond 301 Location "https://site.com[HTTP::uri]

}

}

 

Is the above enough information to shed light on the issue?

 

Many thanks!

Kev

  • this is related to the sites which your certificate covers - in this case it should cover www.site.dk, site.com and site2.com. Or you can have a cert for www.site.dk and from that virtual server you can redirect to www.site.com. Basically, tie up the cert SAN names with the requested FQDN

2 Replies

  • this is related to the sites which your certificate covers - in this case it should cover www.site.dk, site.com and site2.com. Or you can have a cert for www.site.dk and from that virtual server you can redirect to www.site.com. Basically, tie up the cert SAN names with the requested FQDN

    • kalav's avatar
      kalav
      Icon for Nimbostratus rankNimbostratus

      Right. That makes sense to me! I don't control the certificates but if they don't cover all of the sites we're trying to serve then an error would be thrown up. Thanks for the answer.