重定向安全域是否需要两个域上的 ssl 证书? [英] Does redirecting a secure domain require an ssl certificate on both domains?

问题描述

我在 Microsoft Azure 上托管一个站点，我需要添加从旧域 (domain1.com) 到新域 (www.domain2.com) 的重定向.然而，我遇到的问题是重定向在不安全的 url 上工作正常:

I'm hosting a site on Microsoft Azure and I need to add a redirect from the old domain (domain1.com) to a new domain (www.domain2.com). The problem I'm having however is that the redirect works fine on insecure url's :

http://domain1.com -> https://www.domain2.com

http://www.domain1.com -> https://www.domain2.com

但是它在安全网址上不能正常工作:

However it doesn't work properly on secure url's:

https://domain1.com -> https://www.domain2.com

https://www.domain1.com -> https://www.domain2.com

结果是我收到证书警告，即给定的证书对该域无效.如果我接受警告，重定向到新域就好了.

What happens is that I get a certificate warning i.e. the given certificate isn't valid for this domain. If i accept the warning, the redirect occurs to the new domain just fine.

这表明我一切正常，只是在浏览器中发生重定向之前协商了 ssl，并且因为第一个域上没有 ssl 证书，所以我收到了警告.这是正确的吗?

This shows me everything is working fine, it's just that ssl is negotiated before the redirect occurs in the browser and because there is no ssl certificate on the first domain I get the warning. Is this correct?

我在这里遗漏了什么吗?有一个更好的方法吗?两个域都需要 ssl 证书吗?

Is there something I'm missing here? Is there a better way to do this? Do I need an ssl certificate on both domains?

这是我的 web.config 文件，所以你可以看到我的配置:

Here is my web.config file so you can see my configuration:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- Don't show directory listings for URLs which map to a directory. -->
    <directoryBrowse enabled="false" />
    <rewrite>
      <rules>
        <rule name="Protect files and directories from prying eyes" stopProcessing="true">
          <match url="\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$" />
          <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
        </rule>

        <rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true">
          <match url="favicon\.ico" />
          <action type="CustomResponse" statusCode="404" subStatusCode="1" statusReason="File Not Found" statusDescription="The requested file favicon.ico was not found" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
          </conditions>
        </rule>

        <!-- Rewrite URLs of the form 'x' to the form 'index.php?q=x'. -->
        <rule name="Short URLs" stopProcessing="true">
          <match url="^(.*)$" ignoreCase="false" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
            <add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php?q={R:1}" appendQueryString="true" />
        </rule>

        <rule name="Redirect old-domain to new-domain" stopProcessing="true" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^(www.)?domain1.com$" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>

        <rule name="WWW Rewrite" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" negate="true" pattern="^www\." />
            <add input="{HTTP_HOST}" negate="true" pattern="localhost" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>

        <!-- Force HTTPS Starts -->
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
        <!-- Force HTTPS Ends -->

      </rules>
    </rewrite>

    <httpErrors>
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
    </httpErrors>

    <defaultDocument>
      <!-- Set the default document -->
      <files>
        <remove value="index.php" />
        <add value="index.php" />
      </files>
    </defaultDocument>
  </system.webServer>
</configuration>

推荐答案

您将能够将非安全 URL 重定向到 HTTP/HTTPs.但是您将无法将 HTTPS URL (https://domain1.com) 重定向到任何 HTTP/HTTPs (https://www.domain2.com)，除非您已安装有效的 SSL 证书.

You will be able to redirect non-secure URL to the HTTP/HTTPs. But you won’t be able to redirect HTTPS URL (https://domain1.com) to any HTTP/HTTPs (https://www.domain2.com) unless you have installed valid SSL certificate.

http://domain1.com -> https://www.domain2.com [YES, with or without SSL]
http://www.domain1.com -> https://www.domain2.com [YES, with or without SSL]

还有，

https://domain1.com -> https://www.domain2.com [Required Valid SSL certificate for domain1.com]
https://www.domain1.com -> https://www.domain2.com [Required Valid SSL for domain1.com]

这就是为什么您收到错误消息给定的证书对于此域无效"，因为您没有有效的证书.请注意，如果您希望旧网址重定向到新的 HTTPS 网址，您必须在旧域和新域上安装 SSL 证书.

That’s why you are getting error as ‘the given certificate isn't valid for this domain’ because you have not valid certificate. Please note you have to install SSL certificate on both OLD and NEW domain if you want old URLs to redirect on new HTTPS URLs.

这篇关于重定向安全域是否需要两个域上的 ssl 证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！