Redirect https to another https

https

I've been Googling for this question, and ironically, and annoyingly, I can't find a concrete answer. I've answered this question myself in the past, and now I can't remember my own explanation.

Several times a year, someone will ask me to do this. I'd like to point them to some sort of respectable article which explains this.

I want to take the URL at https://www.example.com/ and redirect the traffic to https://www.example2.com/ .

I believe this should be technically possible, but is undesired. What is wrong with this method? Will browsers get a security popup since I am redirecting them to another site? Can anyone provide a link to some respectable documentation which explains this?

Best Answer

You can do this, but both sites need to have a valid SSL certificate. This way browsers won't give a security pop-up. If both sites exist on the same server, however, both domains need to be hosted from different IP addresses.

A web server looks at the "Host" header in the HTTP request to see which site it needs to serve. The SSL negotiation happens before the HTTP request is sent, so at that point the web server can't tell which website it will display. It will always send the same certificate to the browser.

There are two ways to work around this:

  • Have a wildcard certificate for *.example.com, so all subdomains can share the same certificate.
  • Run each SSL site at a different IP address. This way, the web server knows which SSL certificate it can send to the browser, by inspecting the IP address which received the incoming connection.

Note that it's perfectly possible to attach multiple IP addresses to the same network adapter; it's just that you need a second IP address available in your IP address space.

Update: Nowadays, you can run multiple SSL sites at a single IP. To enable this, configure SNI support at your web server. Most modern browsers (except Windows XP and Android 2) support this.