cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP redirect working but HTTPS not working

kalav
Nimbostratus
Nimbostratus

Hi,

 

Another "new to iRules" question. Any assistance would be gratefully received.

 

I have two virtual servers configured to serve a small set of URLs. One listening on http with an iRule handling redirects to https, and one listening on https. I have a certificate issued to site.com with SAN DNS Name of site.com & www.site.com.

 

I can reach the URL if I type in site.dk. I am redirected to https://site.com. if I try https://site.dk I get a certificate error. I can OK the error in the browser and am served the correct page, but the certificate error stays (valid certificate for site.com) and so does the address https://site.dk.

 

Same for site2.com.

 

The iRule I have configured is only on my http virtual server, as follows:

 

when HTTP_REQUEST {

 if { [HTTP::host] equals "www.site.dk" or [HTTP::host] equals "site.dk"} {

  HTTP::respond 301 Location "https://site.com[HTTP::uri]" }

 elseif { [HTTP::host] equals "www.site2.com" or [HTTP::host] equals "site2.com"} {

  HTTP::respond 301 Location "https://site.com[HTTP::uri]" }

 elseif { [HTTP::host] equals "www.site.com" or [HTTP::host] equals "site.com"} {   

  HTTP::respond 301 Location "https://site.com[HTTP::uri]

}

}

 

Is the above enough information to shed light on the issue?

 

Many thanks!

Kev

1 ACCEPTED SOLUTION

PeteWhite
F5 Employee
F5 Employee

this is related to the sites which your certificate covers - in this case it should cover www.site.dk, site.com and site2.com. Or you can have a cert for www.site.dk and from that virtual server you can redirect to www.site.com. Basically, tie up the cert SAN names with the requested FQDN

View solution in original post

2 REPLIES 2

PeteWhite
F5 Employee
F5 Employee

this is related to the sites which your certificate covers - in this case it should cover www.site.dk, site.com and site2.com. Or you can have a cert for www.site.dk and from that virtual server you can redirect to www.site.com. Basically, tie up the cert SAN names with the requested FQDN

Right. That makes sense to me! I don't control the certificates but if they don't cover all of the sites we're trying to serve then an error would be thrown up. Thanks for the answer.