Site redirection with SSL

by Volker Weber

Sketch

Try this little experiment. Type in these three addresses into the address bar of your browser. Don't forget the s, because that gives you a secure connection. All three sites try the same trick. Only two succeed.

Comments

All three redirect to a https site with german content.

Apple to https://www.apple.com/de/
IBM to https://www.ibm.com/de-de/
MS to https://www.microsoft.com/de-de

And all keep https. So i really don't know what you were expecting.

Dirk Steins, 2017-11-11

@Dirk

Do it with Safari and you’ll see what Volker meant.

Stefan Dorscht, 2017-11-11

Or Chrome....

Scott Hanson, 2017-11-11

Try the same experiment with top level domain '.fr' ...

Olav Brinkmann, 2017-11-11

Ok, thanks, with Safari i see what vowe means. That's really a bad config.

Dirk Steins, 2017-11-11

Well, I could not be surprised less. It is all fitting into the big picture...

Hubert Stettner, 2017-11-11

So what is "the trick" - save me searching to find out what is not working for IBM...

I never had that problem with websites I have set up that use https://...
Am I lucky or what?

John Keys, 2017-11-11

They're directing that URL to a server with a certificate that failed to include *.ibm.de in its digitally-signed list of common names.

Richard Schwartz, 2017-11-11

Ah - OK, Richard. Thanks!

John Keys, 2017-11-11

John, if your browser does not warn you about the wrong certificate, I would not trust it with any business.

Volker Weber, 2017-11-11

I use Chrome -it warns me, but I didn't understand why I was getting a warning for IBM. in other words, I didn't understand HOW IBM had screwed up.

John Keys, 2017-11-11

Good. And you are not alone. One IBMer told me I need to upgrade my operating system. ;-)

Volker Weber, 2017-11-11

A more detailed explanation: https://blog.dnsimple.com/2016/08/https-redirects/

Thomas Odorfer, 2017-11-12

... because everyone should go out and buy a valid .de cert.

Craig Wiseman, 2017-11-12

I am sure somebody at IBM knows that. But they cannot afford a certificate for ibm.de.

Volker Weber, 2017-11-12

Under the hood even apple is broken and breaks the transport layer security chain:

* httpS://apple.de redirects you to http://apple.com/de/ (withous SSL)
* http://apple.com/de/ (without SSL) redirects you to http://www.apple.com/de/ (without SSL)
* http://www.apple.com/de/ (without SSL) redirects you to httpS://www.apple.com/de/

'curl -i' is a great tool to inspect redirects and url shorteners.

Stefan Funke, 2017-11-14

Stefan, https://apple.de redirects correctly, as least now. Maybe Apple reads vowe.net??

John Keys, 2017-11-14

John, might depend on your location and the Apple's CDN endpoint. In Paris, Amsterdam and Berlin it looks like:

$ dig +short apple.de
17.178.96.102
17.142.160.89
17.172.224.108

$ curl -i https://apple.de
HTTP/1.1 301 Moved Permanently
Server: Apache
Date: Tue Jun 1 12:48:03 PDT 1999 PDT
Referer: http://apple.com/
Location: http://www.apple.com/de/

Stefan Funke, 2017-11-15

Recent comments

Marco Schirmer on Plantronics 6200 UC haben sich bewährt at 16:34
Volker Weber on Und was ist mit den alten Headsets? at 22:28
Ragnar Schierholz on Und was ist mit den alten Headsets? at 22:26
Thomas Traub on AutoSleep Tracking mit der Apple Watch at 21:43
Nina Wittich on Und was ist mit den alten Headsets? at 17:51
Volker Weber on Und was ist mit den alten Headsets? at 15:40
Mario Plötner on Und was ist mit den alten Headsets? at 13:23
Stanislaus Landeis on Empathy and innovation :: this is not your dad's Microsoft anymore at 13:13
Bernd Hofmann on Ausprobiert :: Eve Light Strip at 11:24
Ralf Pichler on Ausprobiert :: Eve Light Strip at 08:46
Axel Laemmert on AutoSleep Tracking mit der Apple Watch at 06:35
Volker Weber on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 22:28
Hubert Stettner on The best thing you can do for your health: sleep well at 19:27
Christoph Rummel on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 14:47
Volker Weber on Empathy and innovation :: this is not your dad's Microsoft anymore at 14:23
Peter Seidl on Empathy and innovation :: this is not your dad's Microsoft anymore at 12:49
Patrick Bohr on Jetzt auf meinem Sonos :: Das Radio der von Neil Young Getöteten at 11:47
Patrick Bohr on Dieses Schaubild ist die Quelle aller heutigen Apple-Gerüchte at 11:17
Reinhard Fellner on AutoSleep Tracking mit der Apple Watch at 10:21
Volker Weber on Empathy and innovation :: this is not your dad's Microsoft anymore at 10:20
Thomas Langel on udoq :: Es kommt auf das Netzteil an at 09:11
Volker Weber on Empathy and innovation :: this is not your dad's Microsoft anymore at 07:49
Michael Oehme on Empathy and innovation :: this is not your dad's Microsoft anymore at 07:48
Peter Seidl on Empathy and innovation :: this is not your dad's Microsoft anymore at 07:31
Johannes Matzke on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 18:49

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 17:22

visitors.gif

buy me coffee

Paypal vowe