Something I do not understand with the shared SSL and how it could work
the nopCommerce installation is running as http://www.myshop.com
I want to use a shared SSL: https://myshop.myhost.com
(this is not a directory but a proper certificate installed in IIS)
I create a website in IIS 7 / win2008 and do the following binding:
http://www.myshop.com
https://myshop.myhost.com
after installing a certificate for myshop.myhost.com in IIS
I can navigate to both with no problem
http://www.myshop.com
https://myshop.myhost.com
In nopCommerce global settings I have :
use SSL + shared SSL = https://myshop.myhost.com
Now if I navigate in the website
http://www.myshop.com
When I hit Login: it goes to https://myshop.myhost.com/Login.aspx
If I login it authenticates me for the domain myshop.myhost.com
Then I am redirected to the non SSL page: http://www.myshop.com
This is not the domain for which I am authenticated, the authentication cookie would not work, so I am not logged in!
So basically that cannot work in this configuration
The only way it to have a non shared SSL where both SSL and non SSL domain are the same, so i am authenticated in both.
Any viewpoint on this?