We currently have a website set to redirect to a new address (our client changed domain names, but wants the old domain to send people to the new site) in IIS 8.5 using permanant redirects found in the 'HTTP Redirect' feature for the site.
The SSL cert has come up for renewal for the old domain, and there is an open question in our tech department as to whether or not it needs to be renewed.
With the HTTP Redirect set up in IIS, does the site need an SSL cert? Or will a visitor be redirected before such things are checked?
Best Answer
A redirect from http://old.example.com to https://new.example.com does not require a certificate for
old.example.com. But a redirect from https://old.example.com to https://new.example.com does.If people's bookmarks or search engine search results or other external links point to the https site, you better renew the cert. If you merely assume that people type
old.example.cominto their browser, you may not need it. (However, if they were on your site before and the browser autocompletes to the https-url, you still need it).As I understand you already have the redirection in place for some time, the best thing to check (as Tim Brigham already said) your web logs and evaluate whether it is worth the hassle. Then again, even if for some reason you need an expensive cert for your main site (for example, with Extended Validation), the redirecting site should be fine with one of the generally accepted free certs (startssl, letsencrypt, ...)