Redirecting of hostname to fully qualified domain name with HTTPS fails [duplicate]
First off, I don't want to use rewrites.
I'm trying to redirect any call (HTTP or HTTPS) to myserver to the secured fully qualified domain using https at https://myserver.fullyqualified.com.
Here is my config
# Redirect all http traffic to https
<VirtualHost *:80> # line 545
    Redirect / https://myserver.fullyqualified.com/
</VirtualHost>
<VirtualHost *:443> # line 549
    ServerName myserver.fullyqualified.com
    SSLEngine on
    SSLCertificateFile "conf/mycert.crt"
    SSLCertificateKeyFile "conf/mykey.key"
</VirtualHost>
<VirtualHost *:443> # line 555
    ServerName myserver
    Redirect / https://myserver.fullyqualified.com/
</VirtualHost>
This works fine for HTTP, I can call http://myserver and it redirects to https://myserver.fullyqualified.com just fine.
However when I call https://myserver I get an error about the site not being secure, and it doesn't redirect to https://myserver.fullyqualified.com like I expect it to.
In Chrome, the error says
This server could not prove that it is myserver; its security certificate is from myserver.fullyqualified.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
This is the output of httpd -S
*:80 MYSERVER.fullyqualified.com (C:/Apache24/conf/httpd.conf:545)
*:443 is a NameVirtualHost
default server myserver.fullyqualified.com (C:/Apache24/conf/httpd.conf:549)
port 443 namevhost myserver.fullyqualified.com (C:/Apache24/conf/httpd.conf:549)
port 443 namevhost myserver (C:/Apache24/conf/httpd.conf:555)
ServerRoot: "C:/Apache24"
Main DocumentRoot: "C:/Apache24/htdocs"
Main ErrorLog: "C:/Apache24/logs/error.log"
Mutex default: dir="C:/Apache24/logs/" mechanism=default
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "C:/Apache24/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: SRVROOT=c:/Apache24
How can I redirect HTTPS traffic to the fully qualified domain name?
Your SSL certificate for HTTPS should have myserver inside it as an alternative name, as it seems to be a simple SSL error that blocks the redirect.
If it is a homemade certificate, please be sure to install it into the client store before testing. You can deploy the certificate by GPO if you are in an Active Directory domain.
If your cert is for https://example.com, the browser will not accept it to access https://example because the names don't match.
Unless you have self-signed certificates accepted in your browser (and those of all your clients), this can't be prevented, and you won't get any publicly signed certs (e.g. with Let's Encrypt or any regular CA) for a hostname without a TLD.
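The check both answers describe, as an added example (not code from the question or from either answer): it reads the port-443 name-based vhosts out of `httpd -S` output and reports every ServerName that no subjectAltName of the certificate covers, since the browser rejects the handshake for those names before Apache can send the Redirect. The SAN lists are constructed inputs (the first follows Chrome's error message above), and the function names are illustrative.

```python
import re

# Constructed sample: the port-443 lines of the `httpd -S` output in the question.
HTTPD_S = """\
*:443 is a NameVirtualHost
default server myserver.fullyqualified.com (C:/Apache24/conf/httpd.conf:549)
port 443 namevhost myserver.fullyqualified.com (C:/Apache24/conf/httpd.conf:549)
port 443 namevhost myserver (C:/Apache24/conf/httpd.conf:555)
"""

def tls_vhosts(httpd_s_output, port=443):
    """Return [(server_name, 'file:line')] for name-based vhosts on `port`."""
    pat = re.compile(r"^\s*port (\d+) namevhost (\S+) \((.+)\)\s*$")
    found = []
    for line in httpd_s_output.splitlines():
        m = pat.match(line)
        if m and int(m.group(1)) == port:
            found.append((m.group(2).lower(), m.group(3)))
    return found

def san_matches(san, host):
    """Browser-style dNSName match: case-insensitive, and '*' is accepted only
    as the whole left-most label, standing for exactly one label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        first, sep, rest = host.partition(".")
        return bool(first) and sep == "." and rest == san[2:]
    return False

def uncovered(httpd_s_output, san_list):
    """Vhosts whose ServerName no SAN covers: a client asking for these names
    gets a certificate error before any Redirect is served."""
    return [(name, where) for name, where in tls_vhosts(httpd_s_output)
            if not any(san_matches(s, name) for s in san_list)]

if __name__ == "__main__":
    for sans in (["myserver.fullyqualified.com"],               # cert as in the question
                 ["*.fullyqualified.com"],                       # wildcard needs a dot in the host
                 ["myserver.fullyqualified.com", "myserver"]):   # short name added as a SAN
        print(sans, "->", uncovered(HTTPD_S, sans))
```

A name that comes back from `uncovered` needs its own SAN entry in a certificate the clients trust; a wildcard for the parent domain does not cover the bare hostname.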