EDIT
The answer to this question has changed with the SU14 release. See Configure a Custom Domain for Your Community which provides instructions that primarily involve contacting SF Support and the caveats highlighted below.
From Setup, click Domain Management | Custom URLs. Before you switch the CNAME of your domain name to point to a new target name, ensure that the new target name exists in the DNS by using dig or nslookup. When you created your domain names affects the target of your CNAME:
- Domain names that were added before Summer ‘13, typically need to have their CNAME adjusted to point to the fully qualified domain
followed by .live.siteforce.com instead of to the organization’s
force.com sub-domain. For example, if your pre-Summer ‘13 domain is
www.example.com, then the target of its CNAME will need to be
www.example.com.live.siteforce.com instead of example.force.com before
HTTPS will work.
- Domain names that were added in or before Summer ‘13, don’t have the 18-character organization ID in the CNAME target.
- Domain names that were added in or after Summer ‘13, already point to the proper place for setting up HTTPS in a custom domain.
- Domain names that were added in or after Winter ‘14, use a CNAME that points to the fully qualified domain followed by your
organization’s 18-character ID and .live.siteforce.com. For example,
if your domain name is www.example.com and your 18-character
organization ID is 00dxx0000001ggxeay, then the target of its CNAME
will need to be www.example.com.00dxx0000001ggxeay.live.siteforce.com.
Original Answer
Bunyan, take a look at the Sites FAQ which says the following:
Q: Does it support HTTPS custom URLs (not force.com URLs) with our own certificate?
A: Not at this time
and
Q: Can i specify my own SSL certificate if i use a CNAME to brand my URL
A: SSL certificates specify an IP address and at the current time we do not provide a feature to host SSL certificates for sites other than the default domain force.com.
From the above, unless something has changed, I'd conclude that at this time it's not possible to do what you desire.
Best Answer
UPDATE April 2021 - even though this is the accepted answer, and I wrote it, it's no longer correct, so you shouldn't read it. Custom domains over SSL are now fully supported, although there are a few hoops to jump through - see my new answer below for more info
You can't do anything to brand the URL for an SSL site - there was a pilot last year allowing this, but that has stopped and as far as I'm aware, none of the functionality has been opened up as generally available. It may be possible if you are a large marquee customer - Activision have this for https://support.activision.com/ (if you inspect the source you'll see a Visualforce viewstate in there). Joe Morse of Salesforce had the following to say on the success site:> "This was true for a very limited pilot that ran until late last year > (2013), but the product team is evaluating ways to make this work in > production for (Safe Harbor) later this year. "The best I've been able to do is have a thin page or pages hosted by another server that supports the domain name, and then iframe in the https site. That way the force.com URL that is serving the actual content is masked by the thin page wrapper. It can get unwieldy if you are relying on deep linking and bookmarks though, as you then need to be refreshing the outer page each time you navigate to another site page, so you need to orchestrate some navigation using JavaScript.If you are interested in some of the technical details as to why custom domain names over SSL might be tricky for Salesforce, check out this question and answers:
Sites/Portals and SSL