Doing rewrites before SSL authentication

[Maccaday]

Hi,

I'm trying to set up a site that both rewrites URLs of the form:

http://username.mysite.com

as

http://www.mysite.com/?userID=username,

AND

has parts of the site that will have SSL, hence would be of the form

https://username.mysite.com.

I haven't actually tried it yet, but as I understand SSL authentication, the first thing that a browser will do will be to check the certifcate for the URL that the user typed in the browser. Since this would happen before the rewrite of the URL, it would require that all the users have certificates for their respective URLs, which is wholey impractical.

Am I correct in saying this?

Is there any way round this?

The only alternative that I see is to have one part of the site, say:

https://secure.mysite.com,

in which all the necessary secure parts are conducted.

Any comments would be most gratefully received.

 

[btaber]

Correct, the browser will yell that the host name does not match the certificate. You would have to rewrite on standard http first to the desired url (or straight to the https url), then you could go to https from there, once a brower connects to port 443 (https) it has to communicate secure, and certificate is checked.