diff -ru openid.orig/config.default.php openid/config.default.php
--- openid.orig/config.default.php	2010-06-28 19:17:38.000000000 +0200
+++ openid/config.default.php	2010-06-29 17:35:41.000000000 +0200
@@ -71,6 +71,9 @@
 # Warning: if you change this, all current OpenId credentials will become invalid
 $config['SSL']['enable_mixed_mode']         = false;
 
+# Use HTTP for provider urls, but HTTPS for browser masks (useful for self-signed certificates).
+$config['SSL']['redir_openid_masks']        = false;
+
 
 #
 #  -------  DATABASE ------------
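Review bot: The comment added above `redir_openid_masks` does not state what enabling the option costs. Per the ProviderUrl.php hunk in this patch, the advertised provider URL is rewritten from https to http, so requests to the provider endpoint are no longer protected by TLS and only the browser-facing pages are redirected to HTTPS. I would extend the comment, e.g. `# Warning: when enabled, the provider URL is advertised over plain HTTP; only the checkid_* browser pages are redirected to HTTPS.` The same comment is added in config.template.php and needs the same wording.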
diff -ru openid.orig/config.template.php openid/config.template.php
--- openid.orig/config.template.php	2010-06-28 19:17:57.000000000 +0200
+++ openid/config.template.php	2010-06-29 17:35:35.000000000 +0200
@@ -71,6 +71,9 @@
 # Warning: if you change this, all current OpenId credentials will become invalid
 $config['SSL']['enable_mixed_mode']         = {SSL.enable_mixed_mode};
 
+# Use HTTP for provider urls, but HTTPS for browser masks (useful for self-signed certificates).
+$config['SSL']['redir_openid_masks']        = {SSL.redir_openid_masks};
+
 
 #
 #  -------  DATABASE ------------
diff -ru openid.orig/index.php openid/index.php
--- openid.orig/index.php	2010-06-29 14:38:47.000000000 +0200
+++ openid/index.php	2010-06-29 17:39:17.000000000 +0200
@@ -22,6 +22,57 @@
 Application::setErrorReporting();
 Application::setLogger();
 Application::logRequest();
+
+function getRealPOST() {
+    $pairs = explode("&", file_get_contents("php://input"));
+    $vars = array();
+    foreach ($pairs as $pair) {
+        $nv = explode("=", $pair);
+        $name = urldecode($nv[0]);
+        $value = urldecode($nv[1]);
+        $vars[$name] = $value;
+    }
+    return $vars;
+}
+
+function http_redirect($url, $post = false) {
+    if ( !$post ) {
+	header('Location: '.$url);
+	echo '<html><head><title>OpenID transaction in progress</title></head>';
+	echo '<body>';
+	echo '<a href="'.$url.'">Continue</a>';
+	echo '</body></html>';
+    } else { 
+	echo '<html><head><title>OpenID transaction in progress</title></head>'."\n";
+	echo '<body onload=\'document.getElementById("openid_message").submit()\'>'."\n";
+	echo '<form accept-charset="UTF-8" enctype="application/x-www-form-urlencoded" id="openid_message" action="'.$url.'" method="post">'."\n";
+	foreach ($post as $key=>$val) {
+	    echo '<input type="hidden" name="'.$key.'" value="'.htmlspecialchars($val).'" />'."\n";
+	}
+	echo '<input type="submit" value="Continue to HTTPS" />'."\n";
+	echo '</form>';
+	echo '</body></html>';
+    }
+    die();
+}
+
+if (!isset($_SERVER['HTTPS']) && isset($_GET['openid_mode']) &&
+        Zend_Registry::get('config')->SSL->redir_openid_masks &&
+        ($_GET['openid_mode'] == 'checkid_immediate' ||
+         $_GET['openid_mode'] == 'checkid_setup'))
+{
+    http_redirect("https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
+}
+
+if (!isset($_SERVER['HTTPS']) && isset($_POST['openid_mode']) &&
+        Zend_Registry::get('config')->SSL->redir_openid_masks &&
+        ($_POST['openid_mode'] == 'checkid_immediate' ||
+         $_POST['openid_mode'] == 'checkid_setup')) 
+{
+    http_redirect("https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}", getRealPOST());
+}
+
+
 Application::setDatabase();
 Application::setSession();
 Application::setAcl();
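Review bot: `http_redirect()` echoes `$url` into the `href` and `action` attributes and `$key` into the `name` attribute without escaping. Both call sites build `$url` from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, and `$key` comes from the raw request body via `getRealPOST()`, so all three are client-controlled. Escape them at output with `htmlspecialchars($url, ENT_QUOTES)` and `htmlspecialchars($key, ENT_QUOTES)`, and prefer a configured host name over the Host header when building the HTTPS target. Separately, `getRealPOST()` reads `$nv[1]` unconditionally, so a pair without `=` (including an empty body) raises an undefined-offset notice; `$nv = explode('=', $pair, 2);` with a default of `''` for the missing value avoids that.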
diff -ru openid.orig/libs/CommunityID/Controller/Action/Helper/ProviderUrl.php openid/libs/CommunityID/Controller/Action/Helper/ProviderUrl.php
--- openid.orig/libs/CommunityID/Controller/Action/Helper/ProviderUrl.php	2010-01-04 20:51:24.000000000 +0100
+++ openid/libs/CommunityID/Controller/Action/Helper/ProviderUrl.php	2010-06-29 16:43:44.000000000 +0200
@@ -30,6 +30,10 @@
         } else {
             preg_match('#(.*)/(identity|openid)?/#', $currentUrl, $matches);
 
+	    if ( $config->SSL->redir_openid_masks && substr($matches[1],0,5) == "https" ) {
+		$matches[1] = "http".substr($matches[1],5);
+	    }
+
             return $matches[1] . '/openid/provider';
         }
     }
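Review bot: The added condition reads `$config->SSL->redir_openid_masks`, but no assignment to `$config` is visible in this hunk, and the enclosing method starts outside it. If the method does not already fetch the config, the check raises a notice and the rewrite never runs; index.php in this patch reads the same option through `Zend_Registry::get('config')`, which would be the consistent way to get it here. The added lines are also indented with tabs while the surrounding code uses spaces, and the prefix test would be stricter as `strncmp($matches[1], 'https', 5) === 0`.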

