Site redirection with SSL
by Volker Weber
Try this little experiment. Type these three addresses into the address bar of your browser. Don't forget the s, because that gives you a secure connection. All three sites try the same trick. Only two succeed.
Comments
All three redirect to a https site with German content.
Apple to https://www.apple.com/de/
IBM to https://www.ibm.com/de-de/
MS to https://www.microsoft.com/de-de
And all keep https. So I really don't know what you were expecting.
@Dirk
Do it with Safari and you’ll see what Volker meant.
Or Chrome....
Try the same experiment with top level domain '.fr' ...
Ok, thanks, with Safari I see what vowe means. That's really a bad config.
Well, I could not be surprised less. It is all fitting into the big picture...
So what is "the trick" - save me searching to find out what is not working for IBM...
I never had that problem with websites I have set up that use https://...
Am I lucky or what?
They're directing that URL to a server with a certificate that failed to include *.ibm.de in its digitally-signed list of common names.
Ah - OK, Richard. Thanks!
John, if your browser does not warn you about the wrong certificate, I would not trust it with any business.
I use Chrome - it warns me, but I didn't understand why I was getting a warning for IBM. In other words, I didn't understand HOW IBM had screwed up.
Good. And you are not alone. One IBMer told me I need to upgrade my operating system. ;-)
A more detailed explanation: https://blog.dnsimple.com/2016/08/https-redirects/
... because everyone should go out and buy a valid .de cert.
I am sure somebody at IBM knows that. But they cannot afford a certificate for ibm.de.
Under the hood even Apple is broken and breaks the transport layer security chain:
* httpS://apple.de redirects you to http://apple.com/de/ (without SSL)
* http://apple.com/de/ (without SSL) redirects you to http://www.apple.com/de/ (without SSL)
* http://www.apple.com/de/ (without SSL) redirects you to httpS://www.apple.com/de/
'curl -i' is a great tool to inspect redirects and url shorteners.
Stefan, https://apple.de redirects correctly, at least now. Maybe Apple reads vowe.net??
John, might depend on your location and Apple's CDN endpoint. In Paris, Amsterdam and Berlin it looks like:
$ dig +short apple.de
17.178.96.102
17.142.160.89
17.172.224.108
$ curl -i https://apple.de
HTTP/1.1 301 Moved Permanently
Server: Apache
Date: Tue Jun 1 12:48:03 PDT 1999 PDT
Referer: http://apple.com/
Location: http://www.apple.com/de/
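
The two failure modes raised in the comments above (a certificate that does not list the requested name, and a redirect that drops from https to http) can be checked hop by hop. The following is an added example, not code from the post or its commenters; the SAN lists are constructed assumptions, and the function names `san_matches` and `audit_chain` are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Constructed input: the three hops listed in the comment, as (URL, Location).
SAMPLE_CHAIN = [
    ("https://apple.de", "http://apple.com/de/"),
    ("http://apple.com/de/", "http://www.apple.com/de/"),
    ("http://www.apple.com/de/", "https://www.apple.com/de/"),
]
# Constructed SAN lists (assumptions, not read from any real certificate).
SAMPLE_SANS = {"apple.de": ["apple.de"], "ibm.de": ["www.ibm.com", "*.ibm.com"]}


def san_matches(hostname, pattern):
    """RFC 6125-style comparison: '*' stands for exactly one left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # so *.ibm.de does not cover the bare name ibm.de
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def audit_chain(hops, sans_by_host):
    """Return (finding, url) pairs for every hop that weakens the chain."""
    findings = []
    for url, location in hops:
        src = urlsplit(url)
        dst = urlsplit(urljoin(url, location))  # Location may be relative
        if src.scheme == "https":
            names = sans_by_host.get(src.hostname, [])
            if not any(san_matches(src.hostname, n) for n in names):
                findings.append(("cert-mismatch", url))  # browser warns here
            if dst.scheme == "http":
                findings.append(("downgrade", url))  # TLS dropped by redirect
        else:
            findings.append(("plaintext-hop", url))  # request sent without TLS
    return findings


if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN, SAMPLE_SANS):
        print(*finding)
    print(audit_chain([("https://ibm.de", "https://www.ibm.com/de-de/")], SAMPLE_SANS))
```

To audit a live site, the hop list can be filled from the `Location` headers that `curl -i` prints and the SAN list from the certificate the server presents.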