Redirect Incorrect HTTPS URL requests – Dealing With Wildcard Certificates

Posted: February 16, 2010 in Computers and Internet

I have a 4th-level wildcard SSL certificate to secure one of my web sites. This wildcard certificate does not cover my 3rd-level domain, so I have to use a 4-level domain URL to properly use the certificate. When I need SSL, my proper URL is https://www.mydom.myedu.edu. When I don’t need SSL, I use the URL http://mydom.myedu.edu. A problem can arise when people forget the "www" as the 4th-level when using "https" at the same time – the user’s browser will display a warning that the certificate is not valid (i.e., https://mydom.myedu.edu). The code below for the global.asax file will redirect the browser to the correct SSL URL if the incorrect SSL URL is used when the user first makes an attempt to view the requested web page. Just change the "wrongStartSSLurl" and "goodStartSSLurl" variables for your environment.

As the code below may be mangled, here’s a text file of the code.

–Begin Global.asax file

   1:  <script language="VB" runat="server">
   2:      Sub Session_OnStart()
   3:          'This code is for correcting an issue with wildcard SSL certs
   4:          'when the base domain is not covered by the cert.
   5:          Dim wrongStartSSLurl As String = "https://mydom"
   6:          Dim goodStartSSLurl As String = "https://www.mydom"
   7:          Dim requestedURL As String =HttpContext.Current.Request.Url.ToString()
   8:          Dim startOfRequestedURL As String = Left(requestedURL, Len(wrongStartSSLurl))
   9:          If startOfRequestedURL = wrongStartSSLurl Then
  10:              Dim properSSLurl As String = Replace(requestedURL, wrongStartSSLurl, goodStartSSLurl)
  11:              HttpContext.Current.Response.Redirect(properSSLurl)
  12:          End If
  13:      End Sub
  14:  </script>

—End Global.asax file

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s