Posted by: alex in Insights
After purchasing a wildcard SSL certificate I was hoping to be able to redirect all traffic from http://example.com to https://www.example.com. There were two main goals which were to redirect all traffic to www.example.com and to require HTTPS. There is one flaw with this plan as it requires two valid certificates to work 100% of the time. The one scenario where it will not work is if a user types https://example.cominto a browser and you do not have a valid SSL certificate for example.com and instead only have a wildcard SSL certificate for *.example.com. The user will be prompted with an invalid certificate message when visiting the https://example.com domain.
The problem here is that the SSL handshake is happening before you are able to complete a redirect on the request. The only way to resolve this issue is to purchase two certificates to handle *.example.com and example.com. If you don’t mind the possibility of users typing in https://example.comand getting an invalid certificate message then purchasing a wildcard certificate only will cover you in 99% of situations.
Tags:
apache,
certificate,
HTTP,
HTTPS,
Litespeed,
redirect,
SSL,
SSL Certificate,
wildcard
No Comments »
Posted by: alex in Errors
The below error will be seen in the ssl_error_log typically located in /var/log/httpd for numerous reasons. Below is an explanation of what two of those reasons might cause Apache to not start and how to resolve the problem.
Error Example:
[Sat Oct 25 22:38:33 2008] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Oct 25 22:38:33 2008] [warn] RSA server certificate CommonName (CN) `server1.example.com’ does NOT match server name!?
Read the rest of this entry »
Tags:
apache,
CommonName,
error_log,
httpd.conf,
HTTPS,
RapidSSL,
ServerName,
SSL,
ssl.conf,
ssl_error_log
No Comments »
Normally when debugging problems with web applications, I try to use Firefox. However, every once in awhile there is a web application that is very Internet Explorer specific and will not work in Firefox at all.
To that end, here is a list of nice tools and add-ins for Internet Explorer.
Read the rest of this entry »
Tags:
browser,
cookies,
debugging,
HTTP,
HTTPS,
Internet Explorer,
windows
1 Comment »
Posted by: alex in Insights
I had created a script to run ask for a couple CLI arguements and then run httperf against a server. The goal was to load test a server for HTTP and for HTTPS. I added the –ssl switch but could not verify a couple things including if httperf had been compiled with SSL support or if the –ssl was working at all.
1. Was httperf installed with SSL support?
This is an easy one. If the –ssl option exists then your httperf was compiled with SSL support. I wasn’t sure since I installed httperf via YUM in CentOS. I also tested by compiling myself and both versions had SSL support. If you do compile yourself you can check compile-dir/config.status and see if SSL support compiled properly.
Read the rest of this entry »
Tags:
443,
CentOS,
CLI,
grep,
HTTP,
httperf,
HTTPS,
netstat,
SSL,
wc
No Comments »
Posted by: alex in Insights
The below explains the steps necessary to redirect all Litespeed HTTP (port 80) traffic to HTTPS (port 443).
Read the rest of this entry »
Tags:
443,
80,
HTTP,
HTTPS,
Linux,
Litespeed,
redirect,
rewrite,
Web Console
No Comments »
Entries (RSS)