发布HTTP级重定向的能力是独立的原始或目标站点是否受HTTPS（SSL / TLS）保护和对应的证书。重定向可以以任何组合的形式发行，特别是所有这些都是允许的：

  FROM TO 
 http：// www .example.com http：//www.other.example 
 http://www.example.com https：//www.other.example 
 https://www.example.com http： //www.other.example 
 https://www.example.com https：//www.other.example 
 

在发生任何这些HTTP重定向之前，客户端必须能够使用FROM服务器建立有效的HTTP请求。如果 www.example.com 是任何人都可以使用的互联网访问网站，和使用HTTPS，那么它必须使用证书;***由认可的CA（认证机构）签署。但是，这个问题不是针对重定向主题的具体内容。它将适用于对该服务器的任何请求，应被视为单独的关注。

对OP的问题的解释是：不，重定向的来源不需要使用SSL / TLS进行安全，只是为了发布重定向到受保护的站点。（表2中的情况2

可能还有其他原因，为什么始发服务器应该使用HTTPS，但不是要求只是为重定向的能力。请注意，在某些情况下（例如情况3），浏览器可能会警告用户是否从HTTPS上下文重定向到不安全页面。

Quick dumb question but want to make sure. I need to redirect www.example.com to www.example1.com. www.example1.com is already secured with a SSL cert. Do i need to purchase a SSL cert for www.example.com? I am assuming 'No' because the redirect is landing on a page that is aready secured.

Please advise.

Thanks, Alpha

The ability to issue an HTTP-level redirect is independent of whether the original or destination sites are protected by HTTPS (SSL/TLS) and a corresponding certificate. Redirects may be issued in any combination, specifically all of these are allowed:

FROM                      TO
http://www.example.com    http://www.other.example
http://www.example.com    https://www.other.example
https://www.example.com   http://www.other.example
https://www.example.com   https://www.other.example

Before any of these HTTP redirects to take place, the client must be able to establish a valid HTTP request with the "FROM" server. If www.example.com is an Internet-accessible site intended to be used by anyone, and it uses HTTPS, then it must use a certificate; preferably, one signed by a recognized CA (Certificate Authority). However, this concern is not specific to the topic of redirects; it would apply to any request to that server and should be treated as a separate concern.

The answer to my interpretation of the OP's question is: No, the source of a redirect does not need to be secured with SSL/TLS merely in order to issue a redirect to a protected site. (Case 2 in my table above.)

There may be other reasons why the originating server should use HTTPS, but it is not a requirement merely for the ability to redirect. Note that in some cases (e.g. case 3) a browser may warn the user if redirecting to an insecure page from an HTTPS context.