<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks, I had not heard of that solution so I will chase it down to see if we can make it work.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">As for the response, I assumed that was the case and what’s the point of SSL if there was a way to bypass it…just wishful thinking…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">___________________________________________<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">Michael Friscia<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">Office of Communications<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">Yale School of Medicine<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">(203) 737-7932 - office<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">(203) 931-5381 - mobile<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A"><a href="http://web.yale.edu/"><span style="color:#44546A">http://web.yale.edu</span></a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">Jeff Abrahamson <jeff@p27.eu><br>
<b>Date: </b>Wednesday, July 18, 2018 at 11:33 AM<br>
<b>To: </b>"nginx@nginx.org" <nginx@nginx.org>, Michael Friscia <michael.friscia@yale.edu><br>
<b>Subject: </b>Re: Redirect without and SSL certificate<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
<p>Could you use letsencrypt to manage all those certs?<o:p></o:p></p>
<p>What you want can't work: the client makes an SSL request, you respond (with a 301), the client detects that the interaction was not properly authenticated, and so complains to the user. It's out of your hands, which is the whole point of SSL identity validation.<o:p></o:p></p>
<pre>Jeff Abrahamson<o:p></o:p></pre>
<pre>+33 6 24 40 01 57<o:p></o:p></pre>
<pre>+44 7920 594 255<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fp27.eu%2Fjeff%2F&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868657631&sdata=tR58%2BgB0inO4qZGFCdlELdxkAfo8BchQPz9DTyV40yw%3D&reserved=0">http://p27.eu/jeff/</a><o:p></o:p></pre>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 18/07/18 17:10, Friscia, Michael wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt">We have a problem where we have a large number of vanity domain names that are redirected. For example we have surgery.yale.edu which redirects to medicine.yale.edu/surgery. This works fine until someone tries
to request <a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsurgery.yale.edu&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868667639&sdata=qwDKeX5GvEA%2B5IOlcCrFU6L9ejr9CvIXOeFHiTfKyl0%3D&reserved=0">
https://surgery.yale.edu</a>. For administrative reasons, I cannot get a wildcard certificate to handle *.yale.edu and make this simple to solve.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">My question is if there is any way to redirect a request listening on port 80 and 443 but bypass the SSL certificate warning so it will redirect? I would assume the order of operation with HTTPS is to first
validate the certificate but I really want the 301 redirect to take place before the SSL cert is verified.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I’m open to ideas but we are limited in what we can actually do so as it stands the only solution we have is to request a certificate for each of the 600+ domains.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">___________________________________________</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">Michael Friscia</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">Office of Communications</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">Yale School of Medicine</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">(203) 737-7932 - office</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A">(203) 931-5381 - mobile</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546A"><a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fweb.yale.edu%2F&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868677641&sdata=jYnt1Oc61biVZZbwry7fosFHMPTvtKx4oeUscsuCT1Y%3D&reserved=0"><span style="color:#44546A">http://web.yale.edu</span></a></span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>nginx mailing list<o:p></o:p></pre>
<pre><a href="mailto:nginx@nginx.org">nginx@nginx.org</a><o:p></o:p></pre>
<pre><a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868687649&sdata=1c0sCiU0cQeG5qTYTJ6%2B%2B7crlVoxGpiCT5mnz8BdJcQ%3D&reserved=0">http://mailman.nginx.org/mailman/listinfo/nginx</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Jeff Abrahamson<o:p></o:p></pre>
<pre>+33 6 24 40 01 57<o:p></o:p></pre>
<pre>+44 7920 594 255<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fp27.eu%2Fjeff%2F&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868697669&sdata=5o%2FHq6Vh%2FVP4XgFwijJYYjh5Uey7xGiIRI7ie%2FPnzzc%3D&reserved=0">http://p27.eu/jeff/</a><o:p></o:p></pre>
</div>
</body>
</html>