Facebook Apps Will Require a SSL Certificate Starting October 1, 2011
Facebook has been making a lot of changes recently and for once, most of them are positive – they are adding useful features rather than confusing us with interface redesigns.
One change, announced in May, is going to affect those of us who have custom Facebook pages built with iframes. Starting October 1, 2011, all Facebook applications are going to be required to have SSL certificates. Since a custom page is considered to be a Facebook app, pages will have to fulfill this requirement.
Earlier this year Facebook added the ability to login and use Facebook securely over https. Applications, however, that did not have SSL certificates could not be viewed over SSL and a user was required to logout of secure viewing to see the application. This security is a good thing. But, soon the applications will HAVE TO be available via SSL.
In my article with the new Iframe instructions I mentioned that there were two fields that would need to be filled out; Secure Canvas URL and Secure Page Tab URL.
So what do we do?
- Contact your web host to find out how much a SSL certificate costs. They will usually run $50/year per domain. You would then use the same URL in the secure fields in the Facebook app but they would start with https rather than http.
- If you are using a 3rd party application for custom pages, make sure that they are aware of the SSL requirements and they will be taking care of this. Most reading this article, however, are probably using custom pages built with Iframes.
- Here is an article that explains how one SSL certificate can be used for multiple apps on multiple domains. You do still need one SSL certificate.
- Set up a free account with Social Server. They use SSL certificates and will provide you with a secure URL for you page when you input the URL to your application. I’ve tested this service and it works great and they say they are never going to charge. As with any 3rd party service, it will only work as long as the service exists.
There is less than a week before this new requirement goes into affect so it is time to either purchase a SSL certificate or try using Social Server.
Do you have any recommendations for other services that will manage Facebook’s SSL requirement for applications?
photo credit: jaymis
Keep Reading:
Did you enjoy this article? I can assist you with your WordPress or Facebook project. Contact me and I will provide you with an estimate. You can also connect with me on Facebook or follow me on Twitter. If you are looking for Hosting, WordPress Theme, Newsletter or other recommendations, please view my detailed list.
September 27, 2011 at 1:51 pm
Thanks for this.
A question: Social Server gives me a secure tab URL but not a secure canvas URL – so how do I get a secure canvas URL?
September 27, 2011 at 8:30 pm
Hi Vered – I think you have already resolved this but the same URL can be used for both fields. I can’t remember if I located that in their FAQ or on their Facebook page but I’ve tested it and it works fine.
September 27, 2011 at 8:13 pm
Kim, you had mentioned that all the changes are positive. I have a difference in opinion and so the market. See this post from Mashable – http://mashable.com/2011/09/21/facebook-news-feed-update-poll/
74% people hate them. I think with the sudden raise of Google+, Facebook is forced to make changes and they are not as innovative as it should be. Just my opinion.
September 27, 2011 at 8:35 pm
Hi Sam, I don’t think all the Facebook changes are positive. I actually think they are kind of annoying because it’s really hard for me to keep up with them. But, in the scheme of things I don’t think it’s that big of a deal.
October 2, 2011 at 1:08 am
Yes Kim. This https thing is good from a security standpoint. But all these UI things seem to be a kind of done in hurry just to keep in race with G+
September 29, 2011 at 12:36 am
You can also use Google sites which has ssl built in, the only problem is that Google put their logo at the bottom. Other than that it’s free.
al@las vegas seo´s last post ..Never Too Big To Fail With SEO
October 6, 2011 at 6:46 pm
Thanks for the info – that’s good to know!
October 1, 2011 at 7:02 am
Good move by Facebook. I’ve always felt that the apps should be subjected should be subjected to a bit more stringent guidelines and specifications.
-Jean
October 2, 2011 at 4:00 am
Hi Kim,
Facebook changes all the time so I think many people like me do not do anything for maybe a few months, so change them again. I’m pretty tired of Facebook.
October 6, 2011 at 6:52 pm
Hi Marbella – Change is good but Facebook does it way to often.
October 7, 2011 at 1:55 pm
Hi, we provide cheap hosting for Facebook applications and tab – with shared SSL certificate. If you are interested, feel free to contact me.
Jiri Spacek