We have a webapp that is built to use SSL for certain (but not all) types of requests. The webapp is using multiple subdomains, and the number can change. This combination of features means that the webapp requires a wildcard SSL certificate.
The webapp is used by some people, but not by a whole lot of them. We would like to keep the webapp running for those who use it, but it has been determined that, at this point in time, it is not economically justifiable to pay for the wildcard certificate.
Since the webapp has no built-in method to drop the SSL requirement (or more precisely, the webapp expects 'SSL traffic' to be coming in through a separate vhost listening to the same subdomain), I thought that the easiest solution would be to just disable the SSL and keep (unencrypted) traffic running over port 443.
My big question is:
Is it a bad idea to run non-SSL traffic over port 443 (and why)?