+ Start a Discussion
Stéphanie ParkStéphanie Park 

Displaying a VF page to non-authenticated website visitor

We have a VisualForce page that needs to be displayed on our website through an iframe. The problem is that both Mozilla and Chrome are displaying error message, saying that the connection is not secured. 

"Your connection is not secure
The owner of xyz.force.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."

I checked the configuration of our site in Salesforce. It looks like HTTPS is enabled. We have a self-signed certificate, but that's it. 

We're using Salesforce Classic and for the moment there's no project to use tools like Canvas or Lightning out...  
Any suggestions? 
Thanks.  
Best Answer chosen by Stéphanie Park
Khan AnasKhan Anas (Salesforce Developers) 
Hi Stéphanie,

Greetings to you!

According to Salesforce Knowledge Article (https://help.salesforce.com/articleView?id=000230362&type=1):

Force.com Sites uses different domains for HTTP versus HTTPS. The force.com sub-domain gets sent to Akamai and the HTTPS version goes to the secure.force.com domain instead of force.com. Attempting to use HTTPS on the force.com subdomain results in a certificate error. 

The right URL usage would be:

HTTPS: https://xyz.secure.force.com

HTTP: http://xyz.force.com

It is key to note that the Require Secure Connections (HTTPS) option can help ensure that anyone who accesses http://xyz.force.com gets redirected to https://xyz.secure.force.com

I hope it helps you.

Kindly let me know if it helps you and close your query by marking it as solved so that it can help others in the future. It will help to keep this community clean.

Thanks and Regards,
Khan Anas

All Answers

Khan AnasKhan Anas (Salesforce Developers) 
Hi Stéphanie,

Greetings to you!

According to Salesforce Knowledge Article (https://help.salesforce.com/articleView?id=000230362&type=1):

Force.com Sites uses different domains for HTTP versus HTTPS. The force.com sub-domain gets sent to Akamai and the HTTPS version goes to the secure.force.com domain instead of force.com. Attempting to use HTTPS on the force.com subdomain results in a certificate error. 

The right URL usage would be:

HTTPS: https://xyz.secure.force.com

HTTP: http://xyz.force.com

It is key to note that the Require Secure Connections (HTTPS) option can help ensure that anyone who accesses http://xyz.force.com gets redirected to https://xyz.secure.force.com

I hope it helps you.

Kindly let me know if it helps you and close your query by marking it as solved so that it can help others in the future. It will help to keep this community clean.

Thanks and Regards,
Khan Anas
This was selected as the best answer
Stéphanie ParkStéphanie Park
Hi Khan, 
Amazing, it works! You have no idea what a big help this is... Salesforce Support was not able to provide an easy solution! 
Thank you so much! 
Khan AnasKhan Anas (Salesforce Developers) 
It's my pleasure. I’m glad I was able to help :)
Ramakrishna Reddy GouniRamakrishna Reddy Gouni
with guest user permission can access from force.com site.