https canonical to https non-canonical

Hello everyone,
I have a question and hoping someone might have the answer for it.  I have a web server hosting 3 web sites all using SSL.  I have a SAN SSL supporting each of the sites.  The sites are in the Cert as www.mydomain.com, www.mydomain1.com, ect.  
What I am trying to do, is get it if someone types in the canonical address of https://mydomain.com i can redirect it to https://www.mydomain.com.  The reasoning behind this is that when they use the cononical address, they get a certificate error stating the site is not trusted.  
I could get a refund on the cert and get another SAN cert that will allow 10 host names but that would mean defeat and I am not willing to do that yet.  I know it can be done, as I have seen it happen on bank sites, unfortunately I am not sure how this is done.  I have tried many a things to redirect and rewrite with no luck.  
The web server is IIS 7.5.  Any and all help will be greatly appreciated.
Thank you
Linear-ITAsked:
Who is Participating?
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
You can only do a redirect AFTER the connection is made.  That means you have to have a cert for or that includes the domain name that you want to redirect from.
0
 
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Or a 301 redirect via web.config

I use alphassl/globalsign https://www.globalsign.com/ssl/domain-ssl/features.html and the cert works both www and naked. (alphassl is the cheap brand same company http://www.alphassl.com )

A wildcard ssl allows any subdomain.

If the redirect does not work, and you know the easy solution is... "I could get a refund on the cert and get another SAN cert...."  Why not just do that?  See if anybody else has a quick fix.
0
 
Dave BaldwinFixer of ProblemsCommented:
Or a 301 redirect via web.config
Nope.  You can not redirect from HTTPS to HTTP without a cert for the first domain name.  In HTTPS, the connection is negotiated before Anything else.  No cert, no connection, no redirect.

Wildcards are kind of expensive last time I checked.
0
 
Linear-ITAuthor Commented:
After more research I found this to be true.  I was hoping I was going to find another way but alas that is not the case.  Thank you!
0
 
Dave BaldwinFixer of ProblemsCommented:
You're welcome, glad to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.