I’m looking for a way to redirect SSL traffic from one domain to another, without having an SSL cert for all of them with HAProxy. My current setup redirecting from HTTP to HTTPS is working fine so far.
https://a.com -> https://a.org
https://b.net -> https://a.org
https://b.org -> https://a.org
There should only be one SSL cert necessary, for a.org.
Any ideas how this works?
It doesn’t, not without SSL certificate warnings; that’s the entire point of SSL: for you not to be able to intercept website traffic you have no certificate for.
To make it clear - I really just want a clean RFC-compliant 301 redirect.
The browser should not show a.org content within the b.org domain.
I understand, but that doesn’t change anything at all.
Just think about the attack vector: do you really think the WebPKI would allow you to make a clean and nice redirect in a MITM situation from:
without showing any certificate warnings? This is exactly what HTTPS is here to avoid.
Of course, that makes sense. I always forget the bad guys.
To look at it another way, the browser checks the TLS certificate at the TLS layer, which is lower than the HTTP layer, before it processes the HTTP response. So it gives a certificate error before it even sees that it is a redirect.
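
Added example, not part of the thread: an HAProxy configuration that performs the 301 redirect while still satisfying the certificate check described above. The certificate directory, timeouts, and backend address are assumptions; the domain names are the ones from the question.

```haproxy
# Added example. Paths, timeouts and the backend are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_http
    bind :80
    # Plain HTTP has no certificate check, so every hostname can be
    # redirected here without any certificate at all.
    http-request redirect prefix https://a.org code 301

frontend fe_https
    # The TLS handshake completes before HAProxy sees any HTTP request.
    # HAProxy selects a certificate from this directory by SNI, so the
    # directory must contain a certificate valid for EACH name clients
    # connect to (a.com, b.net, b.org, a.org): either one PEM per name or
    # a single certificate whose SANs cover all of them.
    # Each PEM holds certificate, chain and private key.
    bind :443 ssl crt /etc/haproxy/certs/

    # Reached only after the handshake succeeded for the requested name.
    # "prefix" keeps the original path and query string.
    http-request redirect prefix https://a.org code 301 unless { hdr(host) -i a.org }

    default_backend be_app

backend be_app
    # Hypothetical application server for a.org.
    server app1 127.0.0.1:8080
```

If the directory contains only the a.org certificate, requests for the other three names receive a certificate that does not match the hostname, and the browser stops at the warning before the redirect rule is ever evaluated.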