okay so i have two sites with the same root setup in apache as so:


DocumentRoot "/var/www/example.com/xoops/html"
SSLEngine on
SSLCertificateFile /etc/ssl/certs/secure.example.com.cert
SSLCertificateKeyFile /root/sslkeys/secure.example.com.key
ServerName secure.example.com



DocumentRoot "/var/www/example.com/xoops/html"
ServerName example.com


And I set inside the XOOPS admin menu to use the secure domain for login, but when I click the secure login link a popup window shows up that is still unsecure http not https? Any clues where I am borking this?

443 is ssl standard port maybe that's it?

Well not exactly. Just to experiment I went in and changed the apache confs so that this server was now 443 and I had to change another server of mine to 444 (as you all know I'm sure that you cannot serve more than one ssl site from a single port&ip). Then clicking reload takes me to the other site. Okay so for more experimentation. I try just loading the site through the secure https as it has the same root. Here's the thing the site automatically redirects from the secure site to the regular http site. So how does one setup this secure login? Is there any documentation of how this is properly supposed to be done? After I have set the proper URL in the preferences for the secure login, what else do I need to do to keep the site from redirecting the secure login to the unsecure site?

EDIT:

Okay so I can get it to use ssl by editing mainfile.php and changing the XOOPS_URL variable to the secure url. but now if you go to any page on the site you are redirected to the secure version of the site. Which I guess is ok, but I would just like to secure those things necessary like logins. Can you define multiple urls with XOOPS_URL? I'll experiment and post back.

PostEDIT:

Okay so that's the trick I yanked the XOOPS_URL line, duped it, and set both urls now everything works great and people can choose use either url giving the ability choose between all the time encryption or not. Very nice.