I want to make sure there aren't any mysterious odd behaviors when redirecting a SSL VirtualHost with mod_alias Redirect
as outlined by Apache here.
My code seems to work, but since SSL virtual hosts are restricted to just one IP address, I want to make sure there aren't any problems eluding me. Explicitly not using TLS. I'm stuck with Apache 2.2 for now.
<VirtualHost *:443>
ServerName example.com
SSLEngine On
SSLCertificateFile /path/to/example.com-crt.crt
SSLCertificateKeyFile /path/to/example.com-key.key
SSLCACertificateFile /path/to/example.com-ca.txt
Redirect 301 / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
SSLEngine On
SSLCertificateFile /path/to/example.com-crt.crt
SSLCertificateKeyFile /path/to/example.com-key.key
SSLCACertificateFile /path/to/example.com-ca.txt
# Do stuff
</VirtualHost>
So my question is, should SSL VirtualHost redirection with mod_alias Redirect
work the same as non-SSL redirection?
UPDATE: To be clear, I want to make sure the Redirect
circumvents the need for SNI/TLS, especially related to IE6 on WinXP. Seems to work fine in my tests with IE6 on WinXP-SP3 (see comments below the answer marked correct).
Best Answer
Yes, it works the same.
x509v3 includes Subject Alternative Name. Most (all?) issuing CA's will list both
www.example.com
andexample.com
as equivalent alternate names in a cert requested for either. Because of this browsers won't choke on the name when using the same cert in both VirtualHost instances.On a different note, you have:
I would instead recomend:
Because this is SSL after all.