问题描述
问题
我目前遇到的问题是 https://domain.com 无法重定向到 https://www.domain.com ,并显示不受信任的ssl证书.
I currently have the problem where https://domain.com does not redirect to https://www.domain.com and shows an untrusted ssl certificate.
这与"ruby-on-rails"解决方案有关在force_ssl之前重定向到"www"
This is Related to which is a ruby-on-rails solutionredirect to 'www' before force_ssl
问题
在SSL要求生效之前,是否可以重定向到www域?
Is there a way to redirect to the www domain before the SSL requirement kicks in?
我正在使用PHP.
推荐答案
HTTPS是基于TLS/SSL的HTTP(请参见 RFC 2818 ),它会在发送任何HTTP流量之前首先建立SSL/TLS连接.建立SSL/TLS连接后,任何重定向(通过mod_rewrite
,自定义PHP代码或其他方式)将始终适用.
HTTPS is HTTP over TLS/SSL (see RFC 2818), which first establishes the SSL/TLS connection before any HTTP traffic is sent. Any redirection (via mod_rewrite
, custom PHP code or other) will always apply after the SSL/TLS connection is established.
不这样做实际上是一个安全问题,因为攻击者可以在验证证书之前重写并重定向客户端.
Not doing so would actually be a security issue, since an attacker could rewrite and redirect the client before the certificate has been verified.
如果要从https://domain.com
重定向到https://www.domain.com
,则从https://domain.com
获得的证书必须对domain.com
有效(然后,从https://www.domain.com
获得的证书必须对www.domain.com
有效)
If you want to redirect from https://domain.com
to https://www.domain.com
, the certificate obtained for https://domain.com
must be valid for domain.com
(and then, the certificate obtained for https://www.domain.com
must be valid for www.domain.com
).
(如果两个主机使用相同的IP地址,则可以在服务器名称指示中使用两个不同的证书,但这相当复杂.)
(You could use two different certificates with Server Name Indication if the two hosts are served on the same IP address, but this is rather convoluted.)
最简单的方法是获取同时对domain.com
和www.domain.com
有效的证书.可以使用具有多个使用者备用名称"条目的单个证书来完成此操作.大多数CA应该能够颁发此类证书.有些可以免费使用.
The easiest would be to obtain a certificate that's valid for both domain.com
and www.domain.com
. This can be done using a single certificate with multiple Subject Alternative Name entries. Most CAs should be able to issue such certificates. Some do it without additional fee.
这篇关于在要求SSL之前重定向到"www"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!