logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Subdomain and certificate conf
Author
Mox



Joined: 14 Sep 2021
Posts: 8

PostPosted: Wed 29 Jun '22 10:26    Post subject: Subdomain and certificate conf Reply with quote

My site example.com has an SSL certificate for example.com and www.example.com and 000-default.conf file is set like this:
Code:

<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    Redirect / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateKeyFile /SSL/MyServer.key
    SSLCertificateFile /SSL/www_example_com.crt
    SSLCertificateChainFile /SSL/My_CA_Bundle.ca-bundle
</VirtualHost>


That is working fine, but I have a problem with subdomain sub.example.com
When you enter in browser https://sub.example.com you get warning about invalid certificate.
I want to ban access to https://sub.example.com and only allow http://sub.example.com
How to do that?

Current sub.example.com.conf file looks like this:

Code:

<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName sub.example.com
    ServerAlias sub.example.com
    DocumentRoot /var/www/sub.example.com
</VirtualHost>
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 346
Location: UK

PostPosted: Sat 02 Jul '22 15:20    Post subject: Re: Subdomain and certificate conf Reply with quote

Mox wrote:
I want to ban access to https://sub.example.com and only allow http://sub.example.com
How to do that?

You can't control what URL users put in their browser, and browsers now default to https over http, so as described believe your site is going to get hit with requests for https://sub.example.com.

So the obvious question is why not set up a further secure virtual host for https://sub.example.com (using a SAN entry for the subdomain in your site certificate).

If you really have to serve non-secure content via http://sub.example.com, then you could always redirect from the secure virtual host to the non-secure one, unintuitive as that seems.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7360
Location: Germany, Next to Hamburg

PostPosted: Sun 03 Jul '22 15:54    Post subject: Reply with quote

Side note: Please mind not to use Strict-Transport-Security otherwise you will no be able to go back to http:// protocol
Back to top


Reply to topic   Topic: Subdomain and certificate conf View previous topic :: View next topic
Post new topic   Forum Index -> Apache