Jump to content

Forwarding SSL domain to another SSL domain, while removing SSL on the first one


pioneerx01

Recommended Posts

I have two domains both running SSL. Let's call them old-domain and new-domain. old-domain is permanently redirecting traffic to new-domain. There are still a lot of links out there to old-domain with https://. If I were to remove SSL from old-domain but keep SSL on new-domain, I am betting that users will be getting some sort of certificate error. Right? Any way around that if I want to remove SSL from old-domain?

Link to comment
Share on other sites

If I were to remove SSL from old-domain but keep SSL on new-domain, I am betting that users will be getting some sort of certificate error. Right?

If you were to remove the existing "good" certificate and put in a self-signed "bad" certificate, yes. You can't actually remove SSL and have https work.

 

Any way around that if I want to remove SSL from old-domain?

Nope. Can't have https without SSL. Users have to be able to connect to the server, send a request, and receive the response which tells them to go to new-domain. Edited by requinix
Link to comment
Share on other sites

The whole point of HTTPS is to make sure that the client actually gets the site they requested (or nothing at all). If anybody could simply trigger a redirect to a different site, then the protocol would be rather useless. Just think about it: “You want https://www.paypal.com? Nah, I'll redirect you to https://paypal.phishing.ru instead”. That obviously wouldn't be acceptable.

 

It doesn't matter how many new domains you have: If a client visits the old domain, you either have to present a valid certificate for that domain, or they'll get a big red warning.

 

I strongly recommend that you learn the basics of HTTPS before you take any further steps. Distributing “https://” URLs to a temporary domain wasn't very smart, because now you need certificates for that old domain for the entire lifetime of the content.

 

All you can do now is either get a free certificate from StartCom each year or wait for the Let's Encrypt campaign which is supposed to provide free certificates through an automated procedure.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.