Print this page

Using force.com vs secure.force.com extensions in Site.com URLs

Knowledge Article Number 000230362
Description


When Force.com Site users use a HTTPS URL with the force.com extension, they might run into an insecure connection error. Depending on the browser they are using, they might see one of the following:

Chrome:

Your connection is not private

Attackers might be trying to steal your information from xyz.force.com (for example, passwords, messages, or credit cards).

NET::ERR_CERT_COMMON_NAME_INVALID


Firefox:

This Connection is Untrusted

You have asked Firefox to connect securely to xyz.force.com, but we can't confirm that your connection is secure.

Or

"Your connection is not secure

The owner of ***.force.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."

 

Internet Explorer:

There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

Resolution

Force.com Sites uses different domains for HTTP versus HTTPS. The force.com sub-domain gets sent to Akamai and the HTTPS version goes to the secure.force.com domain instead of force.com. Attempting to use HTTPS on the force.com subdomain results in a certificate error. 

The right URL usage would be:

HTTPS: https://xyz.secure.force.com

HTTP: http://xyz.force.com


It is key to note that the Require Secure Connections (HTTPS) option can help ensure that anyone who accesses http://xyz.force.com gets redirected to https://xyz.secure.force.com

 





promote demote