Authenticating web users via SSL, part II