Redirect https to another https

Solution 1:

You can do this, both sites need to have a valid SSL certificate. This way browsers won't give a security pop-up. If both sites exist at the same server however, both domains need to be hosted from different IP addresses.

A web server looks at the "Host" header in the HTTP request to see which site it needs to serve. The SSL negotiation happens before the HTTP request is sent, so at that point the web server can't tell which website it will display. It will always send the same certificate to the browser.

There are two ways to work around this:

  • Have a wildcard certificate for *.example.com, so all subdomains can share the same certificate.
  • Run each SSL site at a different IP address. This way, the web server knows which SSL certificate it can send to the browser, by inspecting the IP address which received the incoming connection.

Note it's perfectly possible to attach multiple IP addresses to the same network adapter, it's just that you need a second IP address available in your IP address space.

Update: Nowadays, you can run multiple SSL sites at a single IP. To enable this, configure SNI support at your web server. Most modern browsers (except windows XP, and Android 2) support this.

Solution 2:

I've never tried this so I don't speak from concrete experience, but it should work. You will need to have a valid SSL certificate for https://www.example.com as the hostname is encrypted inside the HTTP header so your server won't know to redirect until it's decrypted. After that it should redirect as it would a normal HTTP request.


Solution 3:

Why would this be undesired?

As an example, Big Bank and Little Bank both run sites on https to give the customers a happy secure feeling. Big Bank buys Little Bank. At some point the IT people will set up a redirect for https://www.littlebank.com to https://www.bigbank.com. This is a legitimate reason to redirect from https to https.

This should work fine.

Tags:

Https