We purchased an SSL certificate for one of our domains. The certificate was issued to www.ourdomain.com. I am having great difficulty writing web.config rewrite rules to force both www and https. The problem is the certificate itself. Again, the certificate was issued to the www variant of our domain. As such it is only valid if www is present in the URL. Currently, I am using the following rule:
<rule name="Redirect to WWW" stopProcessing="true" >'
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\." negate="true"/>
</conditions>
<action type="Redirect" url="http://ift.tt/1TayYng}" redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="Redirect to HTTPS">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{HTTP_URL}" redirectType="Permanent" appendQueryString="false" />
</rule>
http ourdomain.com is OK. http www.ourdomain.com is OK. https www.ourdomain.com is OK. https ourdomain.com FAILS with a browser error
I believe it fails because IIS processes SSL before it gets to these rules in the web.config. And because the certificate requires www to be requested, the user browser gets an error. On the error page, you can click "continue anyways" and the web.config rules kick in and force the redirection. Can this be fixed or do I need to buy a new certificate without www in the domain? Other certificates I have installed on the server without www in the domain work for all 4 URL examples.
Aucun commentaire:
Enregistrer un commentaire