1

I have an Apache CentOS (latest) site with subdomains, I want normal users using http and when using the shopping cart to use https; I use non-www, so I want to redirect all www to the non-www url as below; now the problem I'm having is the https ssl url; I have a single ssl cert (not a wild card) so I need all www to redirect to the non-www; but I get the page "This Connection is Untrusted", forcing users to except this cert or exit; after you except it, it will do the redirect; but not before, how can I fix this so they do not get that page?

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
user83395
  • 11

2 Answers2

4

If I understand you correctly:

http://yourdomain.com -> no redirect
http://www.yourdomain.com -> redirects to http://yourdomain.com
https://yourdomain.com -> no redirect, works fine
https://www.yourdomain.com -> Untrusted warning, then redirects to https://yourdomain.com

Assuming I have understood you correctly this is the nature of SSL. If anyone tries to connect to your server using the "yourdomain.com" certificate at any hostname other than "yourdomain.com" you will get this error. So there is no way for someone to connect to https://www.yourdomain.com and not receive an error (unless you register a key for that... which is not what you wanted to do).

More or less "working as intended" in this case. People who go to the wrong URL will get whined at until they go to the correct one.

Neil Neely
  • 466
0

If you just need to support both your non-www and www domain names you can do that with one cert. Redirecting with htaccess won't work, you'll still get the "untrusted" error. Here's one that does https://www.domain.com/ and https://domain.com/ without having to buy 2 separate ones

jakers
  • 1