We currently have SF in place using http and looking at switching over to ssl, main reason for the self service password functionality. Majority of all our clients are remote and use a ptp vpn tunnel to connect to our network and then launch SF to access their apps. I'm not to familiar with working with certs but from my understanding, since the clients are not on our domain, we can't use a self signed cert we created correct? That would only work for internal clients on the domain? So we would have to purchase a standard ssl cert and import it into the SF server, correct? Theres no cert we would then have to import on the client side? After importing the cert, its just a matter of following the config for SF to use ssl and changing the base url to https. Since most clients are not on our domain, their current link that points to the http, will it automatically redirect to https once the switch is made? Or will we have to let all remote users know to update their link to the new base url with https?