Search code examples
azurehttp-redirecthttpsweb-config

Does redirecting a secure domain require an ssl certificate on both domains?

I'm hosting a site on Microsoft Azure and I need to add a redirect from the old domain (domain1.com) to a new domain (www.domain2.com). The problem I'm having however is that the redirect works fine on insecure url's :

http://domain1.com -> https://www.domain2.com

http://www.domain1.com -> https://www.domain2.com

However it doesn't work properly on secure url's:

https://domain1.com -> https://www.domain2.com

https://www.domain1.com -> https://www.domain2.com

What happens is that I get a certificate warning i.e. the given certificate isn't valid for this domain. If i accept the warning, the redirect occurs to the new domain just fine.

This shows me everything is working fine, it's just that ssl is negotiated before the redirect occurs in the browser and because there is no ssl certificate on the first domain I get the warning. Is this correct?

Is there something I'm missing here? Is there a better way to do this? Do I need an ssl certificate on both domains?

Here is my web.config file so you can see my configuration:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- Don't show directory listings for URLs which map to a directory. -->
    <directoryBrowse enabled="false" />
    <rewrite>
      <rules>
        <rule name="Protect files and directories from prying eyes" stopProcessing="true">
          <match url="\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$" />
          <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
        </rule>

        <rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true">
          <match url="favicon\.ico" />
          <action type="CustomResponse" statusCode="404" subStatusCode="1" statusReason="File Not Found" statusDescription="The requested file favicon.ico was not found" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
          </conditions>
        </rule>

        <!-- Rewrite URLs of the form 'x' to the form 'index.php?q=x'. -->
        <rule name="Short URLs" stopProcessing="true">
          <match url="^(.*)$" ignoreCase="false" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
            <add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php?q={R:1}" appendQueryString="true" />
        </rule>

        <rule name="Redirect old-domain to new-domain" stopProcessing="true" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^(www.)?domain1.com$" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>

        <rule name="WWW Rewrite" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" negate="true" pattern="^www\." />
            <add input="{HTTP_HOST}" negate="true" pattern="localhost" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>

        <!-- Force HTTPS Starts -->
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
        <!-- Force HTTPS Ends -->

      </rules>
    </rewrite>

    <httpErrors>
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
    </httpErrors>

    <defaultDocument>
      <!-- Set the default document -->
      <files>
        <remove value="index.php" />
        <add value="index.php" />
      </files>
    </defaultDocument>
  </system.webServer>
</configuration>
Solution

  • You will be able to redirect non-secure URL to the HTTP/HTTPs. But you won’t be able to redirect HTTPS URL (https://domain1.com) to any HTTP/HTTPs (https://www.domain2.com) unless you have installed valid SSL certificate.

    http://domain1.com -> https://www.domain2.com [YES, with or without SSL]
http://www.domain1.com -> https://www.domain2.com [YES, with or without SSL]

    And,

    https://domain1.com -> https://www.domain2.com [Required Valid SSL certificate for domain1.com]
https://www.domain1.com -> https://www.domain2.com [Required Valid SSL for domain1.com]

    That’s why you are getting error as ‘the given certificate isn't valid for this domain’ because you have not valid certificate. Please note you have to install SSL certificate on both OLD and NEW domain if you want old URLs to redirect on new HTTPS URLs.