I ran into a situation where a client was accessing a test site and ended up getting a certificate from another site on the same server. Here is the setup:

So you may have tried to do this according to my first blog post on the topic. If you did, you found that problems STILL existed!!

So I have created a patch to the securepages module (are you watching Gordon?) to allow this to actually work. And yes! It does work! There are some caveats though

• The user login block, which I use to use on my site, won't work in SSL mode unless you limit it to SSL pages only. That means you can't put it on your homepage and have SSL logins. It appears that the user block in core needs to be changed or a replacement block created.

I never dug into mod_rewrite before Drupal. Now I do. I hope that I have explained this properly and that it helps others figure things out.

So here is the scenario:

• logins should occur via SSL
• everything else should occur via non-ssl
• the main site is www.example.com
• the ssl site is ssl.example.com