Hi there,

Let say my users decide to type in https://www.foo.bar.com in IE7.
They get a security warning which doesn't look good...

If they type in http://www.foo.bar.com (non SSL) it redirects to
https://www.foo.bar.com and everyone is happy.

Is there something I can add to my apache config to fix this?

We have a wildcard SSL certificate if this helps. Thanks

JamesG wrote:
> Hi there,
>
> Let say my users decide to type in https://www.foo.bar.com in IE7.
> They get a security warning which doesn't look good...
>
> If they type in http://www.foo.bar.com (non SSL) it redirects to
> https://www.foo.bar.com and everyone is happy.
>
> Is there something I can add to my apache config to fix this?
>
> We have a wildcard SSL certificate if this helps. Thanks
>
I don't think you can avoid this without having separate certificates.
As you said, it's in IE7, and IE7 is as picky as picky gets when it
comes to SSL. Does it work fine with no warnings when you leave off the www?

--
DM davidm [at] cia.com.au

'It would go against respecting principles and truth if you have to
respect and accept anything just because it is the other side's view.'
- Kim Jung Ill

On 4 Oct, 11:54, David McKenzie <dav... [at] cia.com.au> wrote:
> JamesG wrote:
> > Hi there,
>
> > Let say my users decide to type inhttps://www.foo.bar.comin IE7.
> > They get a security warning which doesn't look good...
>
> > If they type inhttp://www.foo.bar.com(non SSL) it redirects to
> >https://www.foo.bar.comand everyone is happy.
>
> > Is there something I can add to my apache config to fix this?
>
> > We have a wildcard SSL certificate if this helps. Thanks
>
> I don't think you can avoid this without having separate certificates.
> As you said, it's in IE7, and IE7 is as picky as picky gets when it
> comes to SSL. Does it work fine with no warnings when you leave off the www?
>
> --
> DM dav... [at] cia.com.au
>
> 'It would go against respecting principles and truth if you have to
> respect and accept anything just because it is the other side's view.'
> - Kim Jung Ill

Hi,

It works fine without the www. Is there nothing we can do with
mod_rewrite to literally strip the www. off if there is a subdomain
detected and were using HTTPS?

Thanks

"JamesG" <mailmehere [at] gmail.com> wrote in message
news:1191496153.691871.172740 [at] 19g2000hsx.googlegroups.com...
> On 4 Oct, 11:54, David McKenzie <dav... [at] cia.com.au> wrote:
>> JamesG wrote:
>> > Hi there,
>>
>> > Let say my users decide to type inhttps://www.foo.bar.comin IE7.
>> > They get a security warning which doesn't look good...
>>
>> > If they type inhttp://www.foo.bar.com(non SSL) it redirects to
>> >https://www.foo.bar.comand everyone is happy.
>>
>> > Is there something I can add to my apache config to fix this?
>>
>> > We have a wildcard SSL certificate if this helps. Thanks
>>
>> I don't think you can avoid this without having separate certificates.
>> As you said, it's in IE7, and IE7 is as picky as picky gets when it
>> comes to SSL. Does it work fine with no warnings when you leave off the
>> www?
>>
>> --
>> DM dav... [at] cia.com.au
>>
>> 'It would go against respecting principles and truth if you have to
>> respect and accept anything just because it is the other side's view.'
>> - Kim Jung Ill
>
> Hi,
>
> It works fine without the www. Is there nothing we can do with
> mod_rewrite to literally strip the www. off if there is a subdomain
> detected and were using HTTPS?
>

Probably not, the SSL handshake happens before any URL details are passed to
the server.

On 4 Oct, 12:49, "phantom" <nob... [at] blueyonder.invalid> wrote:
> "JamesG" <mailmeh... [at] gmail.com> wrote in message
>
> news:1191496153.691871.172740 [at] 19g2000hsx.googlegroups.com...
>
>
>
> > On 4 Oct, 11:54, David McKenzie <dav... [at] cia.com.au> wrote:
> >> JamesG wrote:
> >> > Hi there,
>
> >> > Let say my users decide to type inhttps://www.foo.bar.cominIE7.
> >> > They get a security warning which doesn't look good...
>
> >> > If they type inhttp://www.foo.bar.com(nonSSL) it redirects to
> >> >https://www.foo.bar.comandeveryone is happy.
>
> >> > Is there something I can add to my apache config to fix this?
>
> >> > We have a wildcard SSL certificate if this helps. Thanks
>
> >> I don't think you can avoid this without having separate certificates.
> >> As you said, it's in IE7, and IE7 is as picky as picky gets when it
> >> comes to SSL. Does it work fine with no warnings when you leave off the
> >> www?
>
> >> --
> >> DM dav... [at] cia.com.au
>
> >> 'It would go against respecting principles and truth if you have to
> >> respect and accept anything just because it is the other side's view.'
> >> - Kim Jung Ill
>
> > Hi,
>
> > It works fine without the www. Is there nothing we can do with
> > mod_rewrite to literally strip the www. off if there is a subdomain
> > detected and were using HTTPS?
>
> Probably not, the SSL handshake happens before any URL details are passed to
> the server.

Thanks, just as i thought :(
Is there literally nothing I can do then? Thanks

JamesG wrote:
> On 4 Oct, 12:49, "phantom" <nob... [at] blueyonder.invalid> wrote:
>> "JamesG" <mailmeh... [at] gmail.com> wrote in message
>>
>> news:1191496153.691871.172740 [at] 19g2000hsx.googlegroups.com...
>>
>> Probably not, the SSL handshake happens before any URL details are passed to
>> the server.
>
> Thanks, just as i thought :(
> Is there literally nothing I can do then? Thanks
>
The only thing you'd really be able to do is purchase separate SSLs
instead of a wild card. Shit solution, but the only I can think of.

--
DM davidm [at] cia.com.au

'It would go against respecting principles and truth if you have to
respect and accept anything just because it is the other side's view.'
- Kim Jung Ill