Facebook has been making a lot of changes recently and for once, most of them are positive – they are adding useful features rather than confusing us with interface redesigns.
One change, announced in May, is going to affect those of us who have custom Facebook pages built with iframes. Starting October 1, 2011, all Facebook applications are going to be required to have SSL certificates. Since a custom page is considered to be a Facebook app, pages will have to fulfill this requirement.
Earlier this year Facebook added the ability to login and use Facebook securely over https. Applications, however, that did not have SSL certificates could not be viewed over SSL and a user was required to logout of secure viewing to see the application. This security is a good thing. But, soon the applications will HAVE TO be available via SSL.
In my article with the new Iframe instructions I mentioned that there were two fields that would need to be filled out; Secure Canvas URL and Secure Page Tab URL.
So what do we do?
- Contact your web host to find out how much a SSL certificate costs. They will usually run $50/year per domain. You would then use the same URL in the secure fields in the Facebook app but they would start with https rather than http.
- If you are using a 3rd party application for custom pages, make sure that they are aware of the SSL requirements and they will be taking care of this. Most reading this article, however, are probably using custom pages built with Iframes.
- Here is an article that explains how one SSL certificate can be used for multiple apps on multiple domains. You do still need one SSL certificate.
- Set up a free account with Social Server. They use SSL certificates and will provide you with a secure URL for you page when you input the URL to your application. I’ve tested this service and it works great and they say they are never going to charge. As with any 3rd party service, it will only work as long as the service exists.
There is less than a week before this new requirement goes into affect so it is time to either purchase a SSL certificate or try using Social Server.
Do you have any recommendations for other services that will manage Facebook’s SSL requirement for applications?
photo credit: jaymis