I guess that's the difference in our scenarios...you're basically running one site (it seems) and you have secure and non-secure areas working together.
I need to host multiple domains which have nothing in common and now need to be able to accommodate secure sites in the mix. Single site hosting vs multiple site hosting...seems to be where the rub is... Rick -----Original Message----- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 08, 2006 10:23 AM To: CF-Talk Subject: RE: SSL Certificates Yes, for us it is payments. We have 3 web servers, load balanced with sticky sessions. So, when User A goes and adds up a basket in Web Server A they are always on that server for session awareness etc. Now, for each of these web servers we have a secure.blahblah.com site setup on port 443, each with a cert installed (well it is just one cert exported and imported across the range). So, when a user goes to checkout they are effectively leaving their website domain of www.foo.com and going to secure.blahblah.com - all with their session data intact. At the point they move from HTTP to SSL their traffic is encrypted at the strength allowed by the cert - so yes, all traffice is indeed encrypted at anytime while they are on https://secure.blahblah.com/ Data isn't *sent* to that domain, you are actually moving to the secure domain as part of your request. When all is done and they want to go back they switch back to www.foo.com and all is good. N ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249186 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
