Apex Code Development You need to sign in to do that
Don't have an account?
colemab Can't use SSL on public force.com site?
You simply cannot use ssl on public sites unless a user has been authenticated (SFDC user or portal user).
I confirmed this with salesforce support today. Log out of your SF session if you are in one (or use a different browser) and then goto the HTTPS addrress of your secure public site. You will notice that it redirects you to a NON secure (i.e. non SSL) page. Support told me that was how it was designed and that I should use portals for this function.
Can anyoneelse confirm this in their system?
Does no one else find it interesting that salesforce doesn't even have SSL on public sites? I mean this stuff has been around since at least 1995 and they are purposely re-directing to an in-secure protocol.
Someone had to write the re-direct as a normal webserver would just continue on the SSL connection. Which means this is in-secure by design.
I have opened the following item on the idea exchange: Link here
This idea would make it more transparent and secure. Please promote it.
In the mean time, you can use the HTTPS://mycompany.secure.force.com address for secure transactions with your organization.