We are stumped and perplexed trying to figure out how to implement the shared SSL for our nonprofit website.  Please help, advise, suggest, comment.

Problem:  pages configured as 'secure' to utilize SSL settings (ssl enabled true, ssl enforced true, ssl url wwwXXXX.ssldomain.com/domainidXXXXXX, standard url (our assigned IP address for pre-production before we redirect our domain name), portal alias (standard url, matched by wwwXXXX.ssldomain.com/domainidXXXXXX) seem to have a few issues: 

  a) authentication not passed between http and https so user has to login again (re-login) before accessing the content on https 

  b) images are not loading on the https pages because the url is trimmed off somehow; instead of being loaded with the prefix https://wwwXXXX.ssldomain.com/domainidXXXXXX/Portals/0/images/image.jpg, it loads up as https://wwwXXXX.ssldomain.com/Portals/0/images/image.jpg and then the image fails to load (as you'll notice, the domainidXXXXXX part is missing from the latter prefix) whereas if it were included, the image would load.

  c) in the session accessed after the user logs in the 2nd time, changes that are made are not reflected on the main site.  We have to go back to host login and restart the application.  It's like working with a ghost cache database.

  d) if you log out of the 2nd session, you end up still on https (shared certificate prefix) not http (domain / ip address)

We are running DNN 4.8.2 on a shared ASP.NET intermediate account (IIS6 (I think), ASP.NET framework 2.0.50727.3082, web farm enabled false, physical path=d:\inetpub\DomainIDXXXXXX) powered by shared MSSQL2005 database (DNN normal install) at CrystalTech web hosting with a shared SSL certificate that works by way of the assigned URL wwwXXXX.ssldomain.com/domainidXXXXXX.  Performance settings:  (page state persistance=page, module caching method=memory, performance settings=moderate caching, authenticated cachability=ServerAndNoCache, compression=no compression, use whitespace filter=unchecked)

Our preproduction site URL / domain is an IP address: 67.199.XX.XXX to which we've not yet pointed the organization's domain name www.XYZ.org.   We were planning to redirect the domain name of the organization and purchase a separate SSL certificate, but are concerned the problems above might persist regardless. 

Suspect some sort of cookie and/or authentication passing issue.  Also, why are images not able to be redirected with their relative links inside https with the domainidXXXXXX subdirectory, same as pages (tabs)?  Finally is there a setting to redirect the user after they leave the https session back to http?

Finally, for another portal on CrystalTech, we purchased the SSL for a domain name and voila...no issues with dropping sessions, having to re-login / login again, no more issues with image files having difficulty with URLs, etc.  So it looks like shared SSL with DNN on IIS is problematic in version 4.8.2 and like the code needs a fix / solution / workaround for URLs for images / subdirectories and probably the same for preserving session information.

Please let us know if anyone finds a workaround.

Thanks.

((SIDE NOTES:

I noticed in the new one, we didn't have to put an SSL URL in admin settings, advanced, sll settings, nor a portal alias. 

I also noticed at one point where we had trouble, the tab for the Home page (36 by default it seems) had a setting of IsSecure True in the database which I switched it to False, and things started working better.  Yet upon returning to the settings interface, SSL enabled and SSL enforced were still checked.  I searched all column names in the database looking for an on/off switch / setting in a database table or some such, no luck.  Looks like it's something that gets written somewhere else.))