Redirect without and SSL certificate

Friscia, Michael michael.friscia at yale.edu
Wed Jul 18 15:49:01 UTC 2018


Thanks, I had not heard of that solution so I will chase it down to see if we can make it work.

As for the response, I assumed that was the case and what’s the point of SSL if there was a way to bypass it…just wishful thinking…

___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu<http://web.yale.edu/>


From: Jeff Abrahamson <jeff at p27.eu>
Date: Wednesday, July 18, 2018 at 11:33 AM
To: "nginx at nginx.org" <nginx at nginx.org>, Michael Friscia <michael.friscia at yale.edu>
Subject: Re: Redirect without and SSL certificate


Could you use letsencrypt to manage all those certs?

What you want can't work: the client makes an SSL request, you respond (with a 301), the client detects that the interaction was not properly authenticated, and so complains to the user.  It's out of your hands, which is the whole point of SSL identity validation.

Jeff Abrahamson

+33 6 24 40 01 57

+44 7920 594 255



http://p27.eu/jeff/<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fp27.eu%2Fjeff%2F&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868657631&sdata=tR58%2BgB0inO4qZGFCdlELdxkAfo8BchQPz9DTyV40yw%3D&reserved=0>

On 18/07/18 17:10, Friscia, Michael wrote:
We have a problem where we have a large number of vanity domain names that are redirected. For example we have surgery.yale.edu which redirects to medicine.yale.edu/surgery. This works fine until someone tries to request https://surgery.yale.edu<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsurgery.yale.edu&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868667639&sdata=qwDKeX5GvEA%2B5IOlcCrFU6L9ejr9CvIXOeFHiTfKyl0%3D&reserved=0>. For administrative reasons, I cannot get a wildcard certificate to handle *.yale.edu and make this simple to solve.

My question is if there is any way to redirect a request listening on port 80 and 443 but bypass the SSL certificate warning so it will redirect? I would assume the order of operation with HTTPS is to first validate the certificate but I really want the 301 redirect to take place before the SSL cert is verified.

I’m open to ideas but we are limited in what we can actually do so as it stands the only solution we have is to request a certificate for each of the 600+ domains.

___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fweb.yale.edu%2F&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868677641&sdata=jYnt1Oc61biVZZbwry7fosFHMPTvtKx4oeUscsuCT1Y%3D&reserved=0>





_______________________________________________

nginx mailing list

nginx at nginx.org<mailto:nginx at nginx.org>

http://mailman.nginx.org/mailman/listinfo/nginx<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868687649&sdata=1c0sCiU0cQeG5qTYTJ6%2B%2B7crlVoxGpiCT5mnz8BdJcQ%3D&reserved=0>



--



Jeff Abrahamson

+33 6 24 40 01 57

+44 7920 594 255



http://p27.eu/jeff/<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fp27.eu%2Fjeff%2F&data=02%7C01%7Cmichael.friscia%40yale.edu%7C76bf97821b3641ac86b108d5ecc3c106%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C1%7C636675247868697669&sdata=5o%2FHq6Vh%2FVP4XgFwijJYYjh5Uey7xGiIRI7ie%2FPnzzc%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180718/24eb4ce7/attachment.html>


More information about the nginx mailing list