0

Here's the situation... client's firm was at url https://client.com.

Client added a partner and got a new business name and domain: client-partner.com.

I built a new site for client-partner.com and hosted it in the same hosting account as client.com. When client-partner.com went live, I re-keyed client.com's SSL certificate for client-partner.com with the plan of 301 redirecting all the client.com pages to the new pages on client-partner.com site.

The problem is that all the inbound links to pages on client.com are https. But client.com no longer has a certificate... it's now on client-partners.com. Clicking an old link to https://client.com shows that browser error that the page is not secure. The user has to add an exception in order to get through the error and get redirected to the proper page on https://client-partner.com.

Is there any way, perhaps with htaccess, to redirect all the incoming requests for https://client.com to http://client.com so that they can be properly 301 redirected to the new pages without the browser error?

danzo
  • 301
  • 1
  • 5
  • 18

3 Answers3

1

You'll need a certificate for client.com in order to do this. Using SNI (server name indication), you can have two separate certificates on the same IP. Alternatively, you can buy a certificate with both names in it.

If you could redirect without having a certificate for client.com, an attacker could use DNS cache poisoning or some other attack and take over your site.

Sam Hartman
  • 6,210
  • 3
  • 23
  • 40
0

It is necessary to make changes in the DNS, namely add an alias (CNAME) Example:

client.com. CNAME client-partner.com.
soft87
  • 482
  • 2
  • 16
0

So you have plans to move everything to client-partners.com but applied the ssl change before the final move is complete, then a redirect in htaccess is your best way, this has been answered here:

Https to http redirect using htaccess

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This however will not fix the browser privacy error, as when an HTTPS page is requested, the first thing in the communication process is to establish an encrypted TCP connection, once this is complete the data transfer begins, including requested page.

The only way to avoid that error is of course getting a new certificate, you could get a free SSL for client.com from Lets Encrypt.

Hugo Avila
  • 46
  • 5