Re: Haproxy SSL certificate exception with root

2013-10-01 Thread David Coulson

You can't just add mydomain.com to the *.mydomain.com certificate?

Not much you can do with HAProxy here. Since the cert is invalid for 
https://mydomain.com/, users are going to get an SSL error when they connect.


On 10/1/13 6:51 AM, Matthieu Boret wrote:

Hi,

I've set up Haproxy 1.5 dev 19 to handle my http and https traffic.

All works fine except when I request the root url in https: 
https://mydomain.com


My certificate is a wildcard *.mydomain.com

What is the solution to remove this error? A URL rewrite and add www?


My Haproxy configuration:

frontend https-requests
    mode http
    bind :80
    bind :443 ssl crt ./mydomain.pem force-sslv3

    acl is_webfront path_reg ^www||^/$(.*)
    acl is_api hdr(host) -i api.mydomain.com

    use_backend bk_webfront if is_webfront
    use_backend bk_api if is_api

    default_backend bk_webfront

Thanks


Matthieu





Re: Haproxy SSL certificate exception with root

2013-10-01 Thread Jonathan Matthews
On 1 October 2013 11:51, Matthieu Boret mbore...@gmail.com wrote:
> Hi,
>
> I've set up Haproxy 1.5 dev 19 to handle my http and https traffic.
>
> All works fine except when I request the root url in https:
> https://mydomain.com
>
> My certificate is a wildcard *.mydomain.com

This happens because your wildcard does *not* match your
root/naked/apex/etc domain.

In other words, even though it looks like it might, strictly speaking
a request for foo.com is not matched by *.foo.com, so the browser
rejects the cert.

This is a problem commonly experienced when people purchase wildcard
certs from a vendor who hasn't added the root domain to the cert in
the SAN field.

> What is the solution to remove this error?

The solution is to use a correctly set up cert. You need to talk to
your cert provider. They may charge you extra for this.

> A URL rewrite and add www?

As David said, there is nothing that HAProxy can do to help here.

Regards,
Jonathan
-- 
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
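
The matching rule described in the reply above, as an added example that is not part of the original thread: a simplified dNSName matcher (leftmost-label wildcard only, in the style of RFC 6125) run against the thread's hostnames. The function names and the extra `a.b.mydomain.com` host are assumptions made for illustration.

```python
# Constructed example: simplified dNSName matching in the style of RFC 6125.
# Only a whole leftmost label "*" is treated as a wildcard, and it stands
# for exactly one label.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def san_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # "*.mydomain.com" has 3 labels, "mydomain.com" has 2: no match.
        return False
    if p[0] == "*":
        # Wildcard replaces the leftmost label only; the rest must be equal.
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers (these produce browser errors)."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Hostnames from the thread, plus a two-level name as an extra edge case.
SERVED = ["mydomain.com", "www.mydomain.com", "api.mydomain.com",
          "a.b.mydomain.com"]

WILDCARD_ONLY = ["*.mydomain.com"]                        # cert as described
WILDCARD_PLUS_APEX = ["*.mydomain.com", "mydomain.com"]   # apex added to SAN

if __name__ == "__main__":
    print("wildcard only:  ", uncovered(WILDCARD_ONLY, SERVED))
    print("wildcard + apex:", uncovered(WILDCARD_PLUS_APEX, SERVED))
```

The same check can be run over every hostname a frontend serves before a new certificate is deployed.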



Re: Haproxy SSL certificate exception with root

2013-10-01 Thread Matthieu Boret
Hi David and Jonathan,

Thanks a lot for your help.

Regards,

Matthieu

