Search code examples
sslhttpsmediatemplecsr

SSL and .htaccess force https


I have never done this before

This is my current .htaccess file, I want it to tell the browser to switch to HTTPS.

AddHandler php5-script .php

RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ index.php?r=$1 [L,QSA]

The website JacoInc.com has a SSL however Chrome gives this message:

The identity of this website has not been verified.
 • Server's certificate does not match the URL.

I don't know why this comes up. Is it because of MediaTemple or something that I'm doing?


Solution

  • This is not a programming question (not for StackOverflow), and the clue is in the error message.

    The certificate for the site you're linking to has the following Subject Alternative Names:

    DNS Name: *.gridserver.com
    DNS Name: gridserver.com
    

    Therefore, it's only valid for these names (see RFC 6125 and RFC 2818):

    If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.

    Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., .a.com matches foo.a.com but not bar.foo.a.com. f.com matches foo.com but not bar.com.

    This has nothing to do with .htaccess.

    As a side note, redirections via rewrite rules from http:// to https:// only happen after the http:// request has been made. Make sure you stay on https:// once you're on it, don't rely on this for all your links to be turned to https:// automatically.