|
Weird redirect question November 21, 2018 03:23AM |
Registered: 7 years ago Posts: 5 |
Hi all!
I'm trying to figure out if I'm doing something wrong, or if this is normal behavior. I have site aaa.fi which redirects to https://www.bbb.fi , meaning from HTTP to HTTPS. Certificate is for site bbb.fi. This works fine.
However, if I type https://aaa.fi -> browser (chrome) tells me that connection is not secure and it doesn't redirect to site https://www.bbb.fi, which it should.
Hopefully I managed to explain this in an understandable manner. So could someone more experienced tell me if this is expected behavior or is my configuration wrong?
Here's sites conf file (obfuscated for security purposes):
server {
listen 80;
server_name bbb.fi;
access_log /PATH/aaa.fi.access.log combined;
return 301 https://www.aaa.fi$request_uri;
}
server {
listen 80;
server_name www.bbb.fi;
access_log /PATH/aaa.fi.access.log combined;
return 301 https://www.aaa.fi$request_uri;
}
server {
listen 443;
server_name bbb.fi www.bbb.fi;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
ssl_certificate /PATH;
ssl_certificate_key /PATH;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_dhparam /PATH;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /PATH.crt;
resolver 213.140.164.26 212.149.120.42;
access_log /PATH/aaa.fi.access.log combined;
return 301 https://www.aaa.fi$request_uri;
}
I'm trying to figure out if I'm doing something wrong, or if this is normal behavior. I have site aaa.fi which redirects to https://www.bbb.fi , meaning from HTTP to HTTPS. Certificate is for site bbb.fi. This works fine.
However, if I type https://aaa.fi -> browser (chrome) tells me that connection is not secure and it doesn't redirect to site https://www.bbb.fi, which it should.
Hopefully I managed to explain this in an understandable manner. So could someone more experienced tell me if this is expected behavior or is my configuration wrong?
Here's sites conf file (obfuscated for security purposes):
server {
listen 80;
server_name bbb.fi;
access_log /PATH/aaa.fi.access.log combined;
return 301 https://www.aaa.fi$request_uri;
}
server {
listen 80;
server_name www.bbb.fi;
access_log /PATH/aaa.fi.access.log combined;
return 301 https://www.aaa.fi$request_uri;
}
server {
listen 443;
server_name bbb.fi www.bbb.fi;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
ssl_certificate /PATH;
ssl_certificate_key /PATH;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_dhparam /PATH;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /PATH.crt;
resolver 213.140.164.26 212.149.120.42;
access_log /PATH/aaa.fi.access.log combined;
return 301 https://www.aaa.fi$request_uri;
}
|
Re: Weird redirect question November 21, 2018 05:46AM |
Admin Registered: 11 years ago Posts: 1,297 |
|
Re: Weird redirect question November 21, 2018 06:26AM |
Registered: 7 years ago Posts: 5 |
itpp2012 Wrote:
-------------------------------------------------------
> In your 443 block your doing a "return 301
> https://www.aaa.fi$request_uri; " again.
Yes, the idea is that if you navigate to bbb.fi OR www.bbb.fi , it will redirect to https://aaa.fi . This https://aaa.fi has certificate. bbb.fi does not have certificate. Is there something wrong in that 443 config?
-------------------------------------------------------
> In your 443 block your doing a "return 301
> https://www.aaa.fi$request_uri; " again.
Yes, the idea is that if you navigate to bbb.fi OR www.bbb.fi , it will redirect to https://aaa.fi . This https://aaa.fi has certificate. bbb.fi does not have certificate. Is there something wrong in that 443 config?
|
Re: Weird redirect question November 21, 2018 11:52AM |
Admin Registered: 11 years ago Posts: 1,297 |
|
Re: Weird redirect question November 22, 2018 08:56AM |
Registered: 7 years ago Posts: 5 |
itpp2012 Wrote:
-------------------------------------------------------
> I see now, the problem is the certificate which chrome complains
> about.
> Look for chrome details in a tab/button you could press to get more
> details.
> Or use debug mode in firefox.
Thank you for suggestion! I navigated to https://bbb.fi (which should've redirect to https://aaa.fi) and got an error: NET::ERR_CERT_COMMON_NAME_INVALID
I clicked more details and from here: https://support.google.com/chrome/answer/6098869#-200 I can see the error message which I got (ERR_CERT_COMMON_NAME_INVALID)
Here's browsers suggestions to resolve problem:
If the error mentions HSTS, privacy certificates, or invalid names, try the steps below:
Step 1: Sign in to the portal
Wi-Fi networks at places like cafes or airports need you to sign in. To see the sign-in page, visit a page that uses http://.
Go to any website starting with http://, like http://example.com.
On the sign-in page that opens, sign in to use the internet.
Step 2: Open the page in Incognito mode (computer only)
Open the page you were visiting in an Incognito window.
If the page opens, a Chrome extension isn't working right. To fix the error, turn off the extension. Learn how to turn off Chrome extensions.
Step 3: Update your operating system
Make sure your device is up-to-date on Windows, Mac, or another operating system.
Step 4: Temporarily turn off your antivirus
You'll see this error if you have antivirus software that provides "HTTPS protection" or "HTTPS scanning." The antivirus is preventing Chrome from providing security.
To fix the problem, turn off your antivirus software. If the page works after turning off the software, turn off this software when you use secure sites.
Remember to turn your antivirus program back on when you're done.
Step 5: Get extra help
If you still see the error, contact the website owner. You can also get more help on the Chrome Help Forum.
Option 1 is not solution.
Option 2 gave same error than browser in normal mode.
Option 3 didn't resolve problem.
Option 4 didn't change anything and I wouldn't ever suggest this.
Option 5 I am website owner and I don't know what to do *lol*
So unfortunately this didn't help.
-------------------------------------------------------
> I see now, the problem is the certificate which chrome complains
> about.
> Look for chrome details in a tab/button you could press to get more
> details.
> Or use debug mode in firefox.
Thank you for suggestion! I navigated to https://bbb.fi (which should've redirect to https://aaa.fi) and got an error: NET::ERR_CERT_COMMON_NAME_INVALID
I clicked more details and from here: https://support.google.com/chrome/answer/6098869#-200 I can see the error message which I got (ERR_CERT_COMMON_NAME_INVALID)
Here's browsers suggestions to resolve problem:
If the error mentions HSTS, privacy certificates, or invalid names, try the steps below:
Step 1: Sign in to the portal
Wi-Fi networks at places like cafes or airports need you to sign in. To see the sign-in page, visit a page that uses http://.
Go to any website starting with http://, like http://example.com.
On the sign-in page that opens, sign in to use the internet.
Step 2: Open the page in Incognito mode (computer only)
Open the page you were visiting in an Incognito window.
If the page opens, a Chrome extension isn't working right. To fix the error, turn off the extension. Learn how to turn off Chrome extensions.
Step 3: Update your operating system
Make sure your device is up-to-date on Windows, Mac, or another operating system.
Step 4: Temporarily turn off your antivirus
You'll see this error if you have antivirus software that provides "HTTPS protection" or "HTTPS scanning." The antivirus is preventing Chrome from providing security.
To fix the problem, turn off your antivirus software. If the page works after turning off the software, turn off this software when you use secure sites.
Remember to turn your antivirus program back on when you're done.
Step 5: Get extra help
If you still see the error, contact the website owner. You can also get more help on the Chrome Help Forum.
Option 1 is not solution.
Option 2 gave same error than browser in normal mode.
Option 3 didn't resolve problem.
Option 4 didn't change anything and I wouldn't ever suggest this.
Option 5 I am website owner and I don't know what to do *lol*
So unfortunately this didn't help.
|
Re: Weird redirect question November 26, 2018 04:48AM |
Registered: 7 years ago Posts: 5 |
Sorry, only registered users may post in this forum.
Online Users
Guests:
256
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|