function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Can't use SSL on public site?

You simply cannot use ssl on public sites unless a user has been authenticated (SFDC user or portal user).

I confirmed this with salesforce support today.   Log out of your SF session if you are in one (or use a different browser) and then goto the HTTPS addrress of your secure public site.    You will notice that it redirects you to a NON secure (i.e. non SSL) page.   Support told me that was how it was designed and that I should use portals for this function.


Can anyoneelse confirm this in their system?


Does no one else find it interesting that salesforce doesn't even have SSL on public sites?  I mean this stuff has been around since at least 1995 and they are purposely re-directing to an in-secure protocol.  


Someone had to write the re-direct as a normal webserver would just continue on the SSL connection.  Which means this is in-secure by design.


I have opened the following item on the idea exchange: Link here


This idea would make it more transparent and secure.  Please promote it.


In the mean time, you can use the HTTPS:// address for secure transactions with your organization.