Secure Sign-in for WPMu

Image of Bank of America Security Guard
Image credit: Steve Rhodes’ “Bank of America security giving me the finger during the Iraq war protest”

OK, I need some help here. I am trying to make sure everything we do on UMW Blogs is covered under SSL, and while we have the SSL certificate for UMW Blogs, we don’t have the dynamic subdomain certificate. So, in short, is there some http, .htaccess voodoo we can do that would force everyone to sign-in through the main umwblogs.org domain, which would then kick them back to the administrative backend of their own blog once they’re in? I imagine this might even work for mapped domains, and it seems similar to what wordpress.com is doing. Any hints or tips would be greatly appreciated, because I have to get this solved right quick :)


7 Responses to “Secure Sign-in for WPMu”


  1. Tom Jun 8th, 2009 at 4:16 pm

    You’ve seen what happens when I mess with htaccess files. Good luck.

  2. John Bachir Jun 9th, 2009 at 12:54 am

    Would the certificate only be used for the authentication?

    If you try to put ssl traffic with that certificate through any subdomains, the user’s browser will refuse to make the request. But you probably knew that.

    For redirecting all authentication transactions to the top level, something like this should work:

    ServerName *.umwblogs.org
    RedirectPermanent /wp-login.php https://umwblogs.org/wp-login.php

    TransferLog /var/log/httpd/auth-redirect-access.log
    ErrorLog /var/log/httpd/auth-redirect-error.log

  3. John Bachir Jun 9th, 2009 at 12:56 am

    Formatting eaten by this devilish CMS of yours… here is a nicer version:

    http://pastie.textmate.org/505411

  4. Andre Malan Jun 9th, 2009 at 2:36 am

    I tend to avoid .htaccess files like a plague. If you @enej on Twitter he might be able to share some of the stuff that OLT has been doing (or get a hold of Brian). I know we worked on that kind of stuff, but I wasn’t involved.

    I wish Matt and his team would make some of the changes that they made to WPMU to make WordPress.com more public. There is some serious voodoo back there that sites like umwblogs could use.

  5. Reverend Jun 9th, 2009 at 1:45 pm

    Hey John,
    Good to hear from you again, and thanks for the code. I am weak, I tried that but it’s locking me out of the subdomain sites. I have to check with my server admin to see what is what. A simple .htaccess redirect like this will save me much work.

    Andre,
    I couldn’t agree more, I need that voodoo something fierce, especially with mapped domains. I want to know how they are making the sign-on secure for those folks. It would be key for us. I’ll both Brian and Enej as soon as I can.

  6. Reverend Jun 9th, 2009 at 2:42 pm

    John Bachir,

    You are my hero, I think this is going to work!

  7. John Bachir Jun 9th, 2009 at 3:40 pm

    Good to hear.
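
The login redirect suggested in the comments above, written out as a complete pair of virtual hosts. This is an added example, not the commenter's pastie or UMW Blogs' actual configuration; the document root and certificate paths are placeholders, and mod_alias and mod_ssl are assumed to be loaded.

```apache
# Added example: values marked "placeholder" are assumptions, not UMW Blogs' own.
# On Apache 2.2, matching NameVirtualHost *:80 and *:443 lines are also needed.

# Port 80: answers for the main site and every blog subdomain.
<VirtualHost *:80>
    ServerName umwblogs.org
    # Wildcards are matched by ServerAlias, not by ServerName.
    ServerAlias *.umwblogs.org
    # Placeholder: the existing WPMu install, so the blogs keep being served.
    DocumentRoot /var/www/wpmu

    # Any plain-HTTP request for the login page, on any subdomain, is sent
    # to the one hostname the certificate covers.
    RedirectPermanent /wp-login.php https://umwblogs.org/wp-login.php

    TransferLog /var/log/httpd/auth-redirect-access.log
    ErrorLog /var/log/httpd/auth-redirect-error.log
</VirtualHost>

# Port 443: only the name on the certificate. No wildcard alias here,
# because a browser rejects the certificate for any other hostname.
<VirtualHost *:443>
    ServerName umwblogs.org
    DocumentRoot /var/www/wpmu

    SSLEngine on
    # Placeholders for the existing umwblogs.org certificate and key.
    SSLCertificateFile /etc/pki/tls/certs/umwblogs.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/umwblogs.org.key
</VirtualHost>
```

This covers the login form only: requests to a blog's own wp-admin on its subdomain still travel over plain HTTP until a certificate covering those names is installed.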
