function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
colemabcolemab 

Can't use SSL on public force.com site?

You simply cannot use ssl on public sites unless a user has been authenticated (SFDC user or portal user).


I confirmed this with salesforce support today.   Log out of your SF session if you are in one (or use a different browser) and then goto the HTTPS addrress of your secure public site.    You will notice that it redirects you to a NON secure (i.e. non SSL) page.   Support told me that was how it was designed and that I should use portals for this function.

 

Can anyoneelse confirm this in their system?

colemabcolemab

Does no one else find it interesting that salesforce doesn't even have SSL on public sites?  I mean this stuff has been around since at least 1995 and they are purposely re-directing to an in-secure protocol.  

 

Someone had to write the re-direct as a normal webserver would just continue on the SSL connection.  Which means this is in-secure by design.

colemabcolemab

I have opened the following item on the idea exchange: Link here

 

This idea would make it more transparent and secure.  Please promote it.

 

In the mean time, you can use the HTTPS://mycompany.secure.force.com address for secure transactions with your organization.