3

We have an apache server which hosts multiple domains from, which some have https enabled and some do not.

Now the problem is that if I access https://exampleWithoutHttps I will come to the content of https://exampleWithHttps.

I would like to forward the user from https://exampleWithoutHttps to http://exampleWithoutHttps on all domains whithout https. I have tried to create a redirect rule in virtualhost *:443 but this creates the following error:

Server should be SSL-aware but has no certificate configured

The problem is that I cant change "Listen 443" to "Listen 443 http" as this would break my hosts with ssl enabled.

Is there a way I could have a redirect without a ssl certificate ?

Or if not possible can you propose an alternative which would ensure that https://exampleWithoutHttps does not show the content of https://exampleWithHttps.

My ports.conf

 NameVirtualHost *:80 Listen 80 NameVirtualHost *:443 Listen 443

mi site condfig:

<VirtualHost *:80> DocumentRoot /path/to/dr ServerName exampleWithoutHttps.com ServerAlias www.exampleWithoutHttps.com </VirtualHost> <VirtualHost *:443> ServerName exampleWithoutHttps.com ServerAlias www.exampleWithoutHttps.com Redirect permanent / http://www.exampleWithoutHttps.com/ </VirtualHost>
Improve this question
4
  • I've come across this same issue. It is BAD to load a client's competitor's site just because they don't need SSL! Commented Dec 21, 2016 at 13:57
  • Ok like i feared not without a certificate but is there at least a way to block a request for 443 on the wrong domain ? Commented Dec 21, 2016 at 14:32
  • Why not get a proper certificate for domains that doesn't NEED https? And, are you sure your don't need https ? If you handle any personal data, you must protect it in most countries. Commented Dec 21, 2016 at 14:51
  • I was told to generate a self-signed certificate for each domain to prevent the redirects. However, this seems like a lousy approach when you have 100 unmanaged sites on the server. Commented Dec 21, 2016 at 17:10

2 Answers 2

Reset to default
1

Configure any certificate for your VirtualHost *:443 and you are done.

  • Could be simply a self-signed certificate that you generate for yourself. Of course user will see a security warning. This is expected. Users specifically want https where s stands for secure. You don't hold a valid certificate for exampleWithoutHttps.com, hence you cannot give them security - it's correct they are warned about that.
  • You could also get a valid cert for free from a couple of vendors.

Place the VirtualHost *:443 of ServerName exampleWithoutHttps.com before VirtualHost *:443 of ServerName exampleWithHttps.com. I mean place it textually as the first one in the Apache's configuration files. This ensures user will not see content from exampleWithHttps.

Improve this answer
0

I would like to forward the user from https://exampleWithoutHttps to http://exampleWithoutHttps on all domains whithout https.

In order to do the redirect, you need to first set up a https connection. You cannot set up a https connection with out a valid certificate etc.

So to answer the question, you can't do it. Well, not in a manner that would satisfy most people who have any concerns over security anyway.

Improve this answer
5
  • He is not looking to DO a redirect, he is looking to PREVENT a redirect. Most servers load the first site with SSL when HTTPS is requested instead of serving the current domain with an invalid certificate. Commented Dec 21, 2016 at 17:07
  • Read the 3rd paragraph, it's the one I quoted he explicitly says what he wants to do and that's what I answered. Commented Dec 21, 2016 at 17:18
  • >> "Now the problem is that if I access exampleWithoutHttps I will come to the content of exampleWithHttps." The OP is trying to come up with a solution within his question. Obviously, that solution doesn't work. There's no point in creating an "answer" quoting his incorrect answer and stating that it's not a correct answer. Commented Dec 21, 2016 at 17:25
  • What about paragraph 6 as well ? Is there a way I could have a redirect without a ssl certificate ? the answer to which is also contained in my answer. Commented Dec 21, 2016 at 17:26
  • if you think my answer is wrong then just down vote it - simples. Commented Dec 21, 2016 at 17:31

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.