有托管与插件域帐户。目录结构如下：

Have hosting account with an addon domain. Directory structure is as follows:

/public_html (main site is hosted in this directory)
/public_html/secondary_site/ (secondary site is hosted in this directory.

我正在使用的文件夹中的public_html以下.htaccess文件（并在secondary_site文件夹中没有.htaccess文件）：

I am using the following .htaccess file in the public_html folder (and no .htaccess file in the secondary_site folder):

RewriteEngine On

# BEGIN Domain to folder mapping
    # pointing HTTPS secondarysite.com to https://primarysite.com/secondarysite/
    RewriteCond %{SERVER_PORT} ^443$
    ReWriteCond %{HTTP_HOST} primarysite.com
    ReWriteCond %{REQUEST_URI} !primarysite/
    ReWriteRule ^(.*)$ https://primarysite.com/secondarysite/$1 [L]

    # pointing HTTP secondarysite.com to http://primarysite.com/secondarysite/
    RewriteCond %{SERVER_PORT} ^80$
    ReWriteCond %{HTTP_HOST} secondarysite.com
    ReWriteCond %{REQUEST_URI} !secondarysite/
    ReWriteRule ^(.*)$ http://primarysite.com/secondarysite/$1 [L]
# END Domain to folder mapping

第二条规则工作正常，非安全连接，它正确地转发到的public_html / secondary_site目录。

The second rule works fine for non-secure connections, it correctly forwards to the public_html/secondary_site directory.

然而，当我试图安全地连接到secondarysite.com我打招呼警告页面说明：

However when I try to securely connect to secondarysite.com I am greeted with the warning page stating:

您试图访问secondarysite.com，而是你实际   达到了服务器标识本身作为primarysite.com。这可能是   造成服务器或更多的东西配置错误   严重。在网络上的攻击者可能试图让你   访问假冒secondarysite.com（并且可能有害）。

You attempted to reach secondarysite.com, but instead you actually reached a server identifying itself as primarysite.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of secondarysite.com.

如果我点击我明白了，请继续按钮，然后带我到的public_html / secondary_site正确，SSL安全的目录。该SSL锁是绿色的，幸福的。

If I click on the "I understand, proceed" button, it then takes me to the correct, SSL secured directory of public_html/secondary_site. The SSL lock is green and happy.

对于为什么这个.htaccess文件不要再追请求secondarysite和重写他们的primarysite结构之前，它已经抛出一个贴合坏证书的机会，由于域名不匹配？

Why is this .htaccess file not catching requests for secondarysite and re-writing them to the primarysite structure before it has a chance to throw a fit about a bad certificate due to domains not matching?

推荐答案

（这或多或少是同样的问题，如这个问题，所以我会适应从那里我自己的答案。）

(This is more or less the same problem as in this question, so I'll adapt my own answer from there.)

HTTPS是在HTTP的TLS / SSL（见 RFC 2818 ），它首先建立SSL /任何HTTP流量前TLS连接发送。任何重定向（通过的mod_rewrite ，自定义的PHP code或其它）将SSL后总是适用/ TLS建立连接。

HTTPS is HTTP over TLS/SSL (see RFC 2818), which first establishes the SSL/TLS connection before any HTTP traffic is sent. Any redirection (via mod_rewrite, custom PHP code or other) will always apply after the SSL/TLS connection is established.

不这样做实际上是一个安全问题，因为攻击者可以重写和重定向客户端证书已被证实了。

Not doing so would actually be a security issue, since an attacker could rewrite and redirect the client before the certificate has been verified.

如果您想从 https://secondarysite.com 重定向到 https://primarysite.com ，证书获得 https://secondarysite.com 必须是有效的 secondarysite.com （然后，该为 https://primarysite.com 获得证书必须是有效的 primarysite.com ）。

If you want to redirect from https://secondarysite.com to https://primarysite.com, the certificate obtained for https://secondarysite.com must be valid for secondarysite.com (and then, the certificate obtained for https://primarysite.com must be valid for primarysite.com).

（您可以使用两个不同的证书与服务器名称指示，如果这两台主机是服务于相同的IP地址，但不是所有的客户会一定支持它。）

(You could use two different certificates with Server Name Indication if the two hosts are served on the same IP address, but not all clients would necessarily support it.)

最简单的是将获得的证书的有效期为 secondarysite.com 和 primarysite.com 。这可以通过与多个主题备用名称条目一个证书来完成。

The easiest would be to obtain a certificate that's valid for both secondarysite.com and primarysite.com. This can be done using a single certificate with multiple Subject Alternative Name entries.