I ran into a situation where a client was accessing a test site and ended up getting a certificate from another site on the same server. Here is the setup:

I never dug into mod_rewrite before Drupal. Now I do. I hope that I have explained this properly and that it helps others figure things out.

So here is the scenario:

• logins should occur via SSL
• everything else should occur via non-ssl
• the main site is www.example.com
• the ssl site is ssl.example.com