I have a client who has a PHP website hosted by Apache. The website is for internal use only, but they still want their employees to be able to access it from their phones and home computers. The client is concerned about security and wanted the whole website to use https instead of http, so they bought an SSL certificate. Right now, http://example.com/ forwards to https://example.com/ . http://www.example.com/ also forwards to https://example.com/ . Both of these forwards are correct. However, https://www.example.com/ does not forward to the non-www version, which is incorrect. Not only that, but it displays the "Red Hat Enterprise Linux Test Page"! I don't know a whole lot about SSL certificates, but from what I've read, it sounds like I'll need another SSL certificate for the www version of the URL even though all I'll be doing is forwarding it to the non-www version of the URL. Does that sound right? What do you recommend I do in this situation?
This is what my virtual host configuration looks like (only with the correct IP address and hostname, of course):
<VirtualHost *:80> ServerAdmin [email protected] ServerName example.com ServerAlias www.example.com Redirect permanent / https://example.com/ </VirtualHost> <VirtualHost 1.2.3.4:443> ServerAdmin [email protected] DocumentRoot "/var/www/example.com/public" ServerName example.com ServerAlias www.example.com <Directory /var/www/example.com/public> Options All AllowOverride All SSLRequireSSL SSLOptions +StrictRequire SSLRequire %{HTTP_HOST} eq "example.com" </Directory> ErrorLog /var/log/httpd/example.com-error.log LogLevel warn CustomLog /var/log/httpd/example.com-access.log combined ServerSignature Off SSLEngine on SSLCertificateFile /etc/httpd/certificates/example.com/example.com.crt SSLCertificateKeyFile /etc/httpd/certificates/example.com/example.key SSLCertificateChainFile /etc/httpd/certificates/example.com/gd_bundle.crt </VirtualHost> 
