Prevent Chrome SSL Domain Mismatch Warning When Redirecting

Jonathan Matthews contact at jpluscplusm.com
Wed Jan 2 21:33:57 UTC 2013


On 2 January 2013 21:16, Chris Irish <supairish at gmail.com> wrote:
> Hello,
>     I have a SSL cert setup for a domain with no subdomain, i.e.
> mydomain.org.  And a server block setup to redirect all https 'www'
> subdomain requests to the non subdomain server block.  This works fine in
> Safari, FF, etc.  But Chrome gives me a certificate domain name mismatch
> warning ( The big red warning screen )  How can I prevent this?  It's like
> Chrome checks the SSL cert name before even following the nginx redirect.

Of course it does. That's how SSL works.

You're serving up the certificate for azcharters.org where browsers
(it's not just Chrome!) are expecting one that identifies itself as
belonging to www.azcharters.org. You need to serve up a certificate
that matches www.azcharters.org in its Common Name (CN) or Subject
Alternative Name (SAN), just for the redirect listener block.

If you only have a single IP to serve both :443 listeners, by the way,
you're out of luck with your current cert. You'd have to find an SSL
vendor who'll sell you a single cert with (say) azcharters.org in the
CN and www.azcharters.org in the SAN. This may be more expensive than
you'd expect and - to be honest - I wouldn't bother.

Regards,
Jonathan
-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html



More information about the nginx mailing list