How To: Avoid SSL Cert Mismatches When Accessing SiteWorx
=========================================================

There are two Apache instances on InterWorx servers: 

- The internal Apache instance for the InterWorx GUI, which manages port 2443
- The server-level Apache instance, which manages port 80 and 442

The :doc:`SSL certificate for the internal Apache instance</nodeworx/server_management/other/manage-ssl-certificates-services>` , 
which covers port 2443, can only apply to a single domain. This is most commonly the hostname of the server. 

The :doc:`SSL certificate for a SiteWorx domain </siteworx/domains_and_websites/site_management/setup-ssl-certificate>`
only covers port 443. 

Because of this difference, when accessing SiteWorx using the domain instead of the hostname, it 
is common, and expected, to receive an SSL certificate mismatch message in the browser. 

This is true when accessing via both \https://domain.com/siteworx and \https://domain.com:2443/siteworx,
since the former redirects to the latter. 

This is because the domain is not covered by the internal Apache instance SSL certificate for port 2443. Only the hostname is 
covered by that SSL certificate. And the domain-level SSL certificate does not cover port 2443. 

One recommended way to mitigate this is to have customers access SiteWorx using the hostname instead of their domain--
instead of accessing via \https://domain.com/siteworx or \https://domain.com:2443/siteworx, they 
instead use \https://hostname.com/siteworx or \https://hostname.com:2443/siteworx. 

Another way to mitigate this, is to set up a redirect so that accessing via \https://domain.com/siteworx or 
\https://domain.com:2443/siteworx will automatically redirect to \https://hostname.com:2443/siteworx. 


.. contents::

To Set Up the Redirect From \https://domain.com/siteworx to \https://hostname.com:2443/siteworx
-----------------------------------------------------------------------------------------------

#. Log in to the server at the command line as root, either via SSH or from the terminal
#. At the CLI, navigate to ``/etc/httpd/conf.d``

   .. code-block::

      cd /etc/httpd/conf.d

#. Using a text editor, create a new file ``10-iworx.conf``. The following uses the Vim text editor 

   .. code-block::

      vim 10-iworx.conf

#. Add the following, replacing {hostname.com} with the hostname of the server:

   .. code-block::

      RewriteEngine on
      RewriteRule ^/siteworx(/)?$ https://{hostname.com}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
      RewriteRule ^/nodeworx(/)?$ https://{hostname.com}:2443/nodeworx/ [R,L]

#. Save the file and exit the text editor
#. Restart Apache

   .. code-block::

      systemctl restart httpd