Hi
We have a few CentOS 6 servers running Plesk 12.5 and OS vendor version of Apache 2.2 and have recently enabled https for some websites and opened access to https from the outside world.
However only a few websites are using SSL/TLS certificates and due to the way apache handles incoming https requests for domains that do not have https, it just shows the default plesk panel self-signed certificate and the default plesk webpage instead of denying access to the URL.
Scenario:
webpage1.com is hosted with us in server #1 and has SSL support and a valid certificate
webpage2.com is hosted with us in server #1 and does not have SSL support enabled
Both domains are used with Hosted Microsoft Exchange accounts for the customers email.
webpage1.com responds to https requests with a valid certificate, therefore users' mail clients will accept the 404 error and attempt using autodiscover.webpage1.com instead
webpag2.com does not have https enabled and therefore apache servers the default webpage using the self-signed certificate. the mail clients reject this certificate and users are prompted that the autodiscover page uses an invalid certificate and if they would like to proceed. Once the user accepts to continue they recieve the 404 error and the mail client attempts to user autodiscover.webpage2.com instead.
Is there a way for us to completely deny access to the default website on https so that users are faced with a timeout error before being presented with a certificate and therefore mail clients will not prompt users with certificate warnings?
We have a few CentOS 6 servers running Plesk 12.5 and OS vendor version of Apache 2.2 and have recently enabled https for some websites and opened access to https from the outside world.
However only a few websites are using SSL/TLS certificates and due to the way apache handles incoming https requests for domains that do not have https, it just shows the default plesk panel self-signed certificate and the default plesk webpage instead of denying access to the URL.
Scenario:
webpage1.com is hosted with us in server #1 and has SSL support and a valid certificate
webpage2.com is hosted with us in server #1 and does not have SSL support enabled
Both domains are used with Hosted Microsoft Exchange accounts for the customers email.
webpage1.com responds to https requests with a valid certificate, therefore users' mail clients will accept the 404 error and attempt using autodiscover.webpage1.com instead
webpag2.com does not have https enabled and therefore apache servers the default webpage using the self-signed certificate. the mail clients reject this certificate and users are prompted that the autodiscover page uses an invalid certificate and if they would like to proceed. Once the user accepts to continue they recieve the 404 error and the mail client attempts to user autodiscover.webpage2.com instead.
Is there a way for us to completely deny access to the default website on https so that users are faced with a timeout error before being presented with a certificate and therefore mail clients will not prompt users with certificate warnings?