Salesforce has released an update that allows you to use a custom URL and perhaps more importantly a private SSL certificate with your customer and partner communities.

http://releasenotes.docs.salesforce.com/en-us/summer14/release-notes/communities_custom_domain_URL.htm

Before this update users would see “force.com” as the base domain (e.g. https://mycompany.force.com) after they logged in.

Setting up the custom URL and SSL certificate is relatively painless. You will need to do the following;

  1. Add the custom URL to Salesforce
  2. Generate a Certificate Signing Request from Salesforce
  3. Create a CNAME (Alias) record in your domain name registrar
  4. Generate an SSL certificate in your domain name registrar
  5. Upload the SSL certificate to Salesforce
Custom domains are supported only in non-sandbox instances. You can configure a custom domain in a sandbox instance and then migrate it to a production instance, but the custom domain is only active in production.

1. Add the custom URL to Salesforce

First, you should add the domain to Salesforce and get the organization’s unique API identifier value for your org.

  1. Login to Salesforce and navigate to Setup > Domain Management > Domains.
  2. Click the Add a Domain button.
  3. Enter your domain name (e.g. www.mydomain.com and click Save.
  4. Take note of the organization’s unique API identifier value which you will use later on when creating the DNS record.

Salesforce Domain Edit Screen

2. Generate a Certificate Signing Request

To generate the SSL certificate request you must first login to Salesforce to get a Certificate Signing Request.

  1. Login to Salesforce and navigate to Setup > Security Controls > Certificate and Key Management.
  2. Click the Create CA-Signed Certificate button.
  3. Fill out the values using the example below.
  4. Download the certificate request by clicking the Download Certificate Signing Request button.

https://help.salesforce.com/HTViewHelpDoc?id=security_keys_creating.htm&language=en_US

Salesforce Certificate Edit Screen

After you create a CA-signed certificate and certificate request, the certificate is not active and you can’t use it until it’s been signed by a certificate authority and uploaded into your organization.

3. Create a CNAME (Alias) record

To create the CNAME record you need to login to your domain name registrar and create the CNAME alias record with the following values.

Record type:CNAME (Alias)
Host:www.mydomain.com
Points to:www.mydomain.com.00dj0000000ibuhea5.live.salesforce.com

The points to value should consist of your domain, the organization’s unique API identifier, and the Salesforce base domain. (e.g. www.mydomain.com.ID.live.salesforce.com)

Here are instructions for some common domain registrars.

4. Generate an SSL certificate

If you haven’t already done so, purchase an SSL certificate for your domain. GoDaddy offers  a 1-year certificate for $69.99 per year.

  1. Login to your SSL certificate provider and navigate to the SSL certificate you want to use.
  2. Create a Certificate Request and provide the contents of the CSR file you generated before.
  3. After the CSR is validated download the certificate file.

Here are instructions for some common SSL certificate providers.

5. Upload the SSL certificate to Salesforce

For the final step login to your Salesforce org and upload the SSL certificate that was generated.

  1. Login to Salesforce and navigate to Setup > Security Controls > Certificate and Key Management.
  2. Select the certificate you created earlier.
  3. Click the Upload Signed Certificate  button.
  4. Select the file then click the Save button.
  5. Navigate to Setup > Domain Management > Domains.
  6. Click Edit on the domain you configured earlier.
  7. Set the Certificate and Key to the certificate you created earlier.
  8. Click Save.

Your Salesforce Community should now be configured to use a custom url and HTTPS. When a customer or partner logs in they should be taken to https://www.yourdomain.com.

* Please note, it can take up to 48 hours for Salesforce to process the domain and certificate.