The short answer is that the only way to do what you want is to set up an SSL server which will perform the redirect to the non-SSL server, so you'll need to set up an SSL <VirtualHost> and configure your redirects there. I'd use a variation on the solution I posted a few days ago in [webmasterworld.com ].

I think the problem is even with a VirtualHost declaration for port 443, apache can't really handle the https request - since no ssl engine exists on the server.

So I think apache is not able to communicate the redirect back to the client browser...

Is this true?

Or is there a way to tell the client to abort the SSL handshake/auth routine and just accept a plain http redirect?

On other option is to route incoming https requests to a different server (via our firewall NAT rules).

Then on that server, set up a redirect rule for the hostname in question - to redirect it to http: request back on the first (non-SSL) server.

Would rather not involve the other machine, though.

I think the problem is even with a VirtualHost declaration for port 443, apache can't really handle the https request - since no ssl engine exists on the server.

Correct. You will need to enable mod_ssl and configure an HTTPS <VirtualHost> for this to work. There *are* other potential solutions, but they all involve *something* listening on port 443 which understands HTTPS, so Apache will be the easiest way to handle this.

As to *why* you need to do this, the answer is that port 443 requests are, by definition, different than port 80 requests. Apache needs to be able to perform an SSL handshake with a request coming to port 443; if it can't, the the transaction won't even get as far as Apache receiving a request that it understands, so it won't be able to issue a redirect.

Thanks for the advice.