ModRewrite can easily handle stripping the www off the front of my domain.
In .htaccess:

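RewriteEngine On

# HTTPS request for www.<host>: 301 to https://<host>/<path>
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# Plain HTTP request for www.<host>: 301 to http://<host>/<path>
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]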

But with SSL, the certificate check comes before the .htaccess rewrite, causing a certificate error.
I would rather not buy an SSL certificate for the www only to redirect it.
Can you offer me a smarter solution? (btw EV Certificates are not available as wildcards)

+2  A: 

You can get certificates with multiple domain names in them. Get one with mydomain.com and www.mydomain.com. I think it's also possible to buy "wildcard" certificates that will match any subdomain, but they cost much more.

John Millikin
Wildcard certificates cost a lot more than a normal cert (I think about 5x from Thawte)
Greg
I think the cheapest is still GoDaddy. Wildcard certs cost $180/year with them, but you can get a 5-domain cert for $90.
Neall
John Millikin
+1  A: 

Depending on your situation you could look into cacert.

After you are assured by enough people to gain 50 'points', you can create your own server certs, as many as you want.

Normally you will be 'assured' by someone by meeting with him/her in real life and showing some kind of ID (driver's license, passport).

For more info, read the site or PM me.

HuibertGill
+1  A: 

In your situation, two options show promise:
1) When a secure connection is required, link to https://domain.com
Keeping part of your .htaccess redirection

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

will prevent www.domain.com, and hopefully minimise https://www.domain.com
2) As others have suggested, get a separate certificate for https://www.domain.com
startssl.com have free certificates, suitable for a redirection-only job like this.

Jolyon
A: 

Many SSL Certificate providers, including DigiCert, GlobalSign, and possibly GoDaddy, will put the www in a certificate for free as a Subject Alternative Name. This means the certificate will work for both paypal.com and www.paypal.com. You can then just forward all traffic from https://www.paypal.com to https://paypal.com.

Robert
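
Added example (not part of any answer above): the TLS handshake validates the certificate against the requested hostname before Apache evaluates any rewrite rule, so the redirect from https://www only works if the certificate's Subject Alternative Names cover both names. This Python check tests that for certificate dicts in the shape returned by ssl.SSLSocket.getpeercert(). Assumptions: example.com and the three certificates are constructed sample data, and only SAN dNSName entries are considered (no Common Name fallback).

```python
# Added example: which hostnames does a certificate's SAN list cover?
# Certificates use the dict shape of ssl.SSLSocket.getpeercert().
# example.com and all three certificates are constructed sample data.


def name_matches(pattern, host):
    """Match one SAN dNSName entry against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard accepted only as the entire left-most label, and
        # never directly under a top-level domain ("*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covers(cert, host):
    """True if any SAN dNSName in the certificate validates for host."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(name, host) for name in sans)


def redirect_readiness(cert, apex):
    """Both names must validate for https://www.<apex> to redirect cleanly."""
    return {host: covers(cert, host) for host in (apex, "www." + apex)}


APEX_ONLY = {"subjectAltName": (("DNS", "example.com"),)}
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.example.com"),)}
SAN_BOTH = {"subjectAltName": (("DNS", "example.com"),
                               ("DNS", "www.example.com"))}

if __name__ == "__main__":
    for label, cert in (("apex only", APEX_ONLY),
                        ("wildcard only", WILDCARD_ONLY),
                        ("SAN with both", SAN_BOTH)):
        print(label, redirect_readiness(cert, "example.com"))
```

A wildcard-only certificate covers www.example.com but not the bare example.com, so of the three samples only the SAN certificate with both names validates on both ends of the redirect.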