My company changed names recently, so along with that came a new domain. Both the old site and the new site are HTTPS and are on the same server using separate DNS entries.
I setup a 301 redirect which works great if people go to oldsite.com, but if they go to https://oldsite.com they get an SSL error.
Is there any way around this? Hopefully through DNS, server config, or htaccess file.
With TLS/SSL, only one certificate can be presented by the server per IP address. So if oldsite.com is using the same IP as newsite.com, the certificate for https://newsite.com will be the one sent to the client, which will (by definition) raise an SSL error for https://oldsite.com.
To have both oldsite.com and newsite.com both active, you'll have to have separate IPs for each. These can reside on the same server, with some (possibly complicated) routing configuration depending on your server's OS, to ensure requests to each IP are replied to from the same IP. However, even with DNS entries for both, you cannot share an IP address with multiple HTTPS domains.
Edit: You could also use virtual domains (exact config dependent on which web server you're running) to present the certificate for oldsite.com, then send the redirect after the TLS session is in place. I'd have to know which web server you're using (Apache, Nginx, Lighttpd, etc) to give a config example, though.
Related
I have a domain purchased from Godaddy. Then a Virtual Machine setup on Azure with an web application installed on it.
So thus far I have:
An Azure VM with an application running on it, lets say the ip for the VM is 12.3.456.789
A domain name I purchased from godaddy, e.g mydomain.com, I then created a subdomain for e.g sub.mydomain.com
I then added an SSL certificate to this subdomain which worked fine, after I changed the DNS A record for the subdomain to the ip address of the VM 12.3.456.789, also the application on the VM is accessed on port 4000. So https://sub.mydomain.com:4000
The issue is that when I access my domain via https I get the ERR_SSL_PROTOCOL_ERROR in all browsers but when I access it via http then the application on it loads completely fine.
Any ideas on what I would have done wrong or left out in my setup?
Also if I did not provide enough information do let me know.
commercial SSL certs are always signed to include the TLD
(Top Level Domain -> in your hypothetical case: mydomain.com) !
You should contact godaddy to change the certificate to change the SAN (Subject alternative Name to sub.mydomain.com)
One example:
You order a ssl certificate for the subdomain www for your domain mydomain.com.
mydomain.com is valid by its nature (SAN -> it's the TLD)
Whereas www.mydomain.com is the SUBJECT.
Best H.
To rewrite to rule from https as you are getting ERR_SSL_PROTOCOL_ERROR please check you are correctly provided ssl cerficate SSL Certificate Checker as my SSL provided is DigiCert.
And to make Https ensure in your remote desktop in IIS manager click your virtual machine ->binding -> Https and port as 443 and upload certificate.
In your virtual machine try to add outbound security rule provide service as HTTPS and port as same in 443
Reference: https://learn.microsoft.com/en-us/answers/questions/23397/not-able-to-secure-windows-azure-vm-in-https.html
I think that Cloudflare bypass my custom htaccess rules.
Is it true?
I had some IP restrictions in htaccess but they are bypassed.
Plus, my Expired Rules (for caching) I think that they aren't working.
I am trying to check that from redbot.org that tell me that: "Pragma: no-cache is a request directive, not a response directive."
Thanks
Cloudflare will request resources (such as web pages) from your server using its IP, not the client's IP. So, if you have some IP restrictions which you expect to work based on the client IP, then instead your .htaccess will be seeing Cloudflare's IP, not the client IP.
Cloudlfare have posted some answers on how to modify certain web servers so that the original client IP is again the IP you get, rather than Cloudflare's IP. See https://support.cloudflare.com/hc/en-us/sections/200038166-How-do-I-restore-original-visitor-IP-to-my-server-logs- for more information.
I have a domain with wildcard - *.mysite.com hosted on Server1
I am planning to host a sub-domain - sales.mysite.com on Server2.
Is this achievable? If yes I have a couple of questions on this.
How does DNS know to which server to point when sales.mysite.com is requested?
Does all traffic come to the Server1 and then redirected to Server2 if the destination calls for sales.mysite.com?
this is very easy to achieve. you need to configure your dns server that subdomain.mydomain.com points to server 1 and subdomain2.mydomain.com points to server 2. the traffic won't be routed via server 1. it will directly go to server 2. thats how DNS works. In the DNS server for each domain an ip address is stored. you just need to specify your 2 ip addresses the correct way for the subdomains and it should work. more infos you can get from wikipedia http://en.wikipedia.org/wiki/Domain_Name_System
We have a Windows Server 2003 machine running IIS6.0 that hosts two different websites. We purchased an SSL certificate for both domains, but then discovered we couldn't use both at once because SSL uses port 443, and I can't set both domains to use that port number.
So my question is, is it possible to host https://www.domain1.com and https://www.domain2.com on the same IIS 6.0 server? If so, how can I do this?
As #Bahri Gungor said the way to do this is for the server to have multiple IP addresses, have the different domains attach to different IPs and then you should be able to have each have a seperate SSL certificate.
Windows Servers can be assigned lots of IP addresses, then depending on your network setup you could change the DNS records for your different domains to point to the different IP addresses. Remember DNS changes take a while to role through the network (depending on their time-to-live). So you need to have the domain you move hosted on multiple IP addresses until all clients have the new DNS records.
See the following
http://technet.microsoft.com/en-us/library/cc722518.aspx
http://www.windowsnetworking.com/articles_tutorials/understanding-advanced-tcp-ip-settings-windows-2003.html
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/74097d64-d3d7-4b07-a1b7-0be86494ba97.mspx?mfr=true
Why?
How I assume you have things configured is serving both domains off the same port and the same IP address, and have IIS choose the different WebSite based on the host-header. The host-header as the name implies is part of the http headers sent to the server with the request, when using HTTPS this information is encrypted using the SSL certificate. So if your could have multiple certificates servered off the same port and IP address IIS would not know which certificate to decrepit the incoming request.
Wild Card Certificates
One way round this is if you have multiple sub-domains they can share one SSL certificate then you can use host-headers to choose which site the user is interested in
so if you had
a.example.com
b.example.com
c.example.com
You could get a certificate for
*.example.com
Then the websites for the subdomain could share one SSL certificate and the same IP address and port.
Can anybody explain why I see another web site at my http secure address. I don't have a certificate. I can manage files from folder httpsdocs but cannot access them from web. Also httpsdocs is empty. https://innovacube.com/
And base of my problem is Google indexes my https domain but I cannot denny Google Bot.
You're sharing IP addresses with another site - you'll see that both www.innovacube.com and www.cokyader.com resolve to 92.199.202.62. HTTP/1.1 allows this because you also send a host header
GET / HTTP/1.1
Host: www.innovacube.com
so the web server knows which site to serve for a given connection.
It isn't, however, possible to do this for HTTPS. The problem is that the certificate negotiation happens before the server gets to HTTP so you can't switch depending on the site that the browser really means. Therefore you can only host one HTTPS site per IP and this IP is hosting cokyader.com. (There are proposed extensions to help fix this but I've never seen any progress on this.)
If you want your own separate HTTPS site then your host will have to allocate you your own separate IP address.
Because you are using shared hosting, and it has been configured with a default SSL site that isn't yours (but presumably belongs to someone who has paid for SSL support and has their site hosted on the same server).