Https to another site - iis

I have a domain https://www.example.com (HTTPS) which is now pointing to another IP (for this example thats 1.2.3.4).
1.2.3.4 also has other domains within IIS's directory for that particular site.
When i navigate to www.example.com all is fine but as soon as i add https to it i get a cert error.
How could i avoid the cert error from showing up? I have a rule set for canonical to point to the correct address?

Its not surprising that http://www.example.com does not produce a cert error as there is no certificate involved with that call. When you get the certificate error, you could look deeper into the error message that it provides. I'm guessing there is a mismatch between www.example.com and the certificate.

Related

How to apply LetsEncrypt SSL certificate to WWW domain?

I am using a Hostinger VPS and Hestia CP. I can create LetsEncrypt SSL from the control panel which successfully applies to https://example.com.
It also works perfectly when I go to www.example.com in Google Chrome, Opera, and Microsoft Edge.
However, www.example.com gives "SSL_ERROR_BAD_CERT_DOMAIN" on Firefox and Internet Explorer.
www.example.com actually redirects to https://example.com address anyway but for some reason, Firefox and IE don't redirect the website before the error.
So I am assuming that it leaves me with two options. Either use the SSL certificate for both www and non-www domains or find a solution to redirect the website before the error. Couldn't figure out which way is better and how to do them tho.
If you create a new domain, it is important to also add www. subdomain to alias column. So, f.e. like on the screenshot bellow.
The next what you will do is (re)generating SSL. Now, when you generate it after the entering the alias(es), the SSL cert. will be generated also with them.

www to non www on subdomain redirect in URL Rewrite

I have a webserver that hosts portal.mydomain.com. I have a working URL Rewrite rule in place to redirect any traffic from http://portal.mydomain.com to go to https://portal.mydomain.com.
Now i am trying to write a rule so that if anyone goes to http://www.portal.mydomain.com OR https://www.portal.mydomain.com to redirect to https://portal.mydomain.com
Right now i just have an external dns record that says www.portal.mydomain.com is a cname/alias for portal.mydomain.com
This works, but of users get a cert warning. I want to use url rewrite in IIS to redirect folks so that the cert warning goes away.
Everything i have searched and tried seems to not work. I think my closest iteration of a rule looks like this, but I need someone to tell me what i am doing wrong.
"I want to use url rewrite in IIS to redirect folks so that the cert warning goes away" is impossible.
The certificate error is part of TLS handshake, which happens long before URL rewriting. So your only option to address that certificate issue is to configure a proper certificate for https://www.portal.mydomain.com.

Redirect users from non-certified (non-www) domain to certified (www)

My client purchased a SSL certificate but only for the www domain.
I'm now trying to set up the redirect rules via .htaccess to redirect visitors from https://domain.com to https://www.domain.com (following this link), but it's not working.
I'm still seeing the certificate error screen and once I agree with the error, I am then redirected to the https version of the website.
Can't this "error" screen be bypassed?
Thanks
You can not avoid the certificate exception. The reason is, even before the request is sent (which includes the Host: domain.com header), the SSL handshake must be completed. It is during this handshake that the browser realizes that the certificate says the domain is "www.domain.com" while the domain the user tried to go to is "domain.com", and throws the exception.
No request ever gets sent to the server unless the exception is allowed. Your client needs to buy a cert for both www and non-www. Or make sure all links everywhere include the www.

Redirect from HTTPS to HTTP without URL rewrites

We have a Windows Server 2008 with IIS. One of the sub domains (i.e. HTTPS.TEST.COM) is bound to https and the other sub domain is bound to http (i.e. HTTP.TEST.COM). If the user enters https://HTTP.TEST.COM the user gets an ugly error about incorrect certificate - for some reason IIS uses the certificate for HTTPS.TEST.COM because user typed https instead of http.
My question is, how do I make sure visits to https://HTTP.TEST.COM gets redirected to http://HTTP.TEST.COM? It is not necessary to redirect to same sub page, the important thing is to get rid of the ugly error message. I have seen other posts about URL rewrites, but I get the feeling there are easier ways to solve this.
That is not possible, because when the client first connects to the https port of the server, there is an SSL handshake that results in the server certificate being presented to the client before the client is even allowed to tell the server which URL it is trying to access.
It is the client that gives the error that the server certificate for does not match what is expected and this happens before the server can do a redirect to the correct subdomain.
However, if you place a wildcard certificate for *.test.com on the server, you can effectively bypass the error and get the redirection to work. Another way would be to have separate SSL certificates for both HTTP.TEST.COM and HTTPS.TEST.COM, but for the above reasons you must then have them on separate IP addresses.

How should I get rid of an SSL error on accessing parked domain in https using .htaccess?

I'm a beginner in .htaccess and I need help. We have this website with its store module in https. We also have a parked domain pointing to this website. The problem is, when I type "https://www.parked_domain_name.com/store/" in the address bar, I get an SSL error. However, when I type "http://www.parked_domain_name.com/store/" on the address bar, it redirects to "https://www.parked_domain_name.com/store/" without getting any SSL errors. How can I view the store w/o SSL errors when I type "https://www.parked_domain_name.com/store/" in the address bar?
In general, you can only have HTTPS running on a single domain name for a site.
There are exceptions, for example a certificate for *.example.org would let you run HTTPS on both www.example.org and web.example.org subdomains. Also, some certificate providers will issue certificates for a fixed list of several domain names.
But in common usage, one IP address can have only one certificate, and one certificate can have only one domain name.
The behaviour you describe of the http URL redirecting the the https URL without warnings does not sound like it is possible. Perhaps try a few different browsers - they all act a bit differently on this front. How you reached the URL is not relevant. If you access example.org over HTTP and the certificate says anotherdomain.com then you will get SSL warnings.
You're best off running the site only on e.g. https://example.org/ and redirecting any other domains to that one, rather than hosting the site from multiple domains.
I hope this helps.

Resources