Cisco Support Community
Community Member

HTTPS TO HTTPS rewrite error with Wildcard Cert

I have a wildcard cert installed on my ACE and an HTTP redirect for any http traffic. The redirect works fine for all http traffic and HTTPS traffic. I am receiving an error when users try to connect to  If they connect to Https://,, etc. it works fine. I only get errors when the www or any specific host name is left off and https request. I am receiving the error the domain does not match the cert. The cert is configured for *  Below is my config. Any ideas?

rserver redirect HTTPS-REDIR
  webhost-redirection https://%h%p 301

rserver redirect HTTPS-REDIR-domain
  webhost-redirection 301

rserver host WEBSERVER-01
  ip address

rserver host WEBSERVER-02
  ip address

action-list type modify http ADD-HTTPS
  ssl url rewrite location ".*"

serverfarm host ALGINE-SERVERFARM-80
  probe PING
  rserver WEBSERVER-01 80
  rserver WEBSERVER-02 80

serverfarm redirect HTTP-HTTPS-REDIR
  description Redirection from Port 80 to 443
  rserver HTTPS-REDIR-domain

ssl-proxy service domain-domain-COM
  key *
  cert *-domain-com.cer
  chaingroup TEST-CHAIN
  ssl advanced-options PARAM-RSA-SSL1

sticky http-cookie ALG-LB ALG-COOKIE-01
  cookie insert
  timeout 120
  replicate sticky
  serverfarm DOMAIN-SERVERFARM-80

class-map match-any CM-domain-COM-http
  2 match virtual-address tcp eq www

class-map match-any CM-domain-COM-https
  2 match virtual-address tcp eq https

class-map match-any CM-TEST-MAP

class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access

policy-map type loadbalance first-match CM-domain-COM
  class class-default
    sticky-serverfarm ALG-COOKIE-01

policy-map type loadbalance first-match CM-domain-COM-http
  class class-default
    serverfarm HTTP-HTTPS-REDIR

policy-map multi-match INT-VLAN229-VIPS
  class CM-domain-COM-http
    loadbalance vip inservice
    loadbalance policy CM-domain-COM-http
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options HTTP-OPTIONS_1
    connection advanced-options TCP-CONN-OPTIONS
  class CM-domain-COM-https
    loadbalance vip inservice
    loadbalance policy CM-domain-COM
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options HTTP-OPTIONS_1
    ssl-proxy server domain-domain-COM
    connection advanced-options TCP-CONN-OPTIONS

Cisco Employee


Hi Chris

ACE can't cause this type of problem, as this check is a simple check done on the browser side.

The problem seems to be that the wildcard certificate for * matches e.g. these domains :,, but doesn't match
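
The browser-side name check described in the reply above, as an added example that is not part of the original thread or of any Cisco code. It follows the usual RFC 6125 wildcard rule (a `*` stands for exactly one leftmost label); `example.com` and the host names are constructed placeholders, since the real domain is not shown in the post.

```python
# Added illustration: how a TLS client decides whether a certificate name
# covers the host in the URL. All names below are constructed samples.

def hostname_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate name (SAN entry) covers `host`."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so label counts must be equal.
    # This is why "*.example.com" cannot cover the bare "example.com".
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Only the whole leftmost label may be a wildcard, and patterns
        # as broad as "*.com" are rejected.
        if len(p) < 3 or "*" in "".join(p[1:]):
            return False
        return p[1:] == h[1:]
    return p == h


def cert_covers(san_list, host):
    """True if any name on the certificate covers the host."""
    return any(hostname_matches(name, host) for name in san_list)


def audit(san_list, hosts):
    """Map each host a user might type to whether the cert covers it."""
    return {host: cert_covers(san_list, host) for host in hosts}


# Constructed inputs: a wildcard-only certificate, and one that also
# lists the bare domain as a second subjectAltName entry.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
HOSTS = ["www.example.com", "shop.example.com", "example.com", "a.b.example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(label)
        for host, ok in audit(sans, HOSTS).items():
            print(f"  {host:20} {'match' if ok else 'NAME MISMATCH'}")
```

Because the TLS handshake completes before any HTTP redirect can be sent, a redirect on the load balancer cannot hide the mismatch; the certificate presented on the HTTPS VIP has to list the bare domain itself.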
