Are you redirected "out" of https to http? Try to use fiddler, and see if you get any http requests when you expect only https.

What I mean is that when the page is clicked on in the structure tab in edit mode, it doesn't realise the page requires https so just attempts to use the standard http link, which naturally enough gives a 403.4 error.

Hm, got that wrong then. Are you running everything in edit mode (https://.../edit/), or do you just need ssl on spesific pages? If the latter is true, EPiServer will not do this for you, it only uses realtive addresses - the requirement for SSL is a IIS setting, not an EPiServer setting. /Steve

Just a few specific pages. I was hoping there was some sort of workaround to get the preview working in edit mode. It would be nice if a future version of episerver could have a property to specify https for individual templates, perhaps.

Ok, I see your point. The problem with requiring ssl in IIS is that it will be enforced before ASP.NET and EPiServer sees it. Having the requirement on a page type, or even on specific pages is an option, and it is not too difficult to do yourself. Just as EPiServer checks the security for a page on load, and redirects if needed, you can do the same thing for SSL. I always recommend having a common base class for all your templates, and inherit from this, instead of TemplatePage. Your base can inherit from TemplatePage instead. In your class, you can enforce such an SSL rule, for all pages on the site. Another option is to write a httpmodule that does this for you. But, beware of the SSL warning popups that will haunt your users if you constantly switch to and from SSL. The easy solution is of course to make sure that you stay on https if you get there in the first place. However, nothing is cached (not even images) under SSL, so things will be slow. /Steve