Facebook’s New SSL Requirement

by on September 27, 2011 · 6 comments

Facebooks’s deadline for SSL encryption is fast approaching. As of October 1, all Facebook fan pages must be SSL-protected. So, what does that mean for you and your Facebook business page?

Well, it all depends on how you are using your business page. If you have any third party applications, custom welcome pages, content accessible by fans only or other special applications, you will need to acquire a SSL certificate for your site in order for your Facebook content to be accessible.

On the other hand, if you are a more casual Facebook user and you have none of these features on your Facebook business page, you may not need to do anything different.

What Is an SSL Certificate and How Do I Get One for My Website or Blog?

SSL is an abbreviation for secure socket layers. It was developed as a means of transmitting private information in a secure fashion over the internet. A SSL certificate simply provides the proof to the user that your site is SSL encrypted and capable of storing and/or or tranmitting their information securely.

One of the ways that your can tell whether a website is using SSL or not is by the URL that shows up in your web browser. Sites (or more specifically, pages) that have functional SSL will start with https rather than simply http.

How you get and install a SSL certificate will depend on your web host. Some provide the certificates free of charge. With other web hosting services, you may need to purchase a SSL certificate for your site. Typically, they range in price from $50 upwards, depending on the service. For instance, I just purchased a multi-site SSL certificate (for use on up to 5 domains) from Go Daddy for $89.99 for the year.

Your hosting service should also provide a means of installing the certificate on your site. Contact your web host for more information.

What Else Do I Need To Do?

The other you’ll need to do is to add your secure pages to your Facebook apps in the developers section, as in the image below.

Facebook's SSL Requirements

Add the URLs for your secure canvas pages and secure page tabs. I have only a canvas page and no tab page in this particular app. You may have one or both depending on the app.

Click to Enlarge

Will All Facebook Business Pages Need SSL Certificates?

All Facebook business pages will be required to have SSL capability. However, much of that will be taken care of by Facebook on its own site. What you need to worry about securing are any “off-site” material or third-party applications (like those that reside on your blog or website) that are associated with your Facebook page.

{ 6 comments… read them below or add one }

Emmy Scammahorn September 27, 2011 at 3:09 pm

Oh, lordy. Thanks. I’ll deal with it before Friday.


Lorie Huston September 27, 2011 at 4:18 pm

Good luck, Emmy. Give me a shout if you need help :)


Emmy Scammahorn September 27, 2011 at 5:40 pm

PS Lorie, I don’t know if you’ve seen my diary of the trip my hamster and I are on; I’m having fun with it. http://www.mytripjournal.com/emmymaggie


Lorie Huston, DVM September 28, 2011 at 3:55 am

I haven’t seen it, Emmy. But I’m going to go take a look at it in just a little while. Thanks for the link and I’m glad you’re having fun with it :)


Todd Pinckney September 29, 2011 at 8:47 pm

Thanks for the info Lorie… very helpful! I haven’t done any development stuff to my FB fan page and so it’s not loading content from my server. But… I do have a link to my FB fan page from my blog and my website. Will those need SSL certificates because they link to my FB fan page? Thanks for any help you can give me!


Lorie Huston, DVM September 29, 2011 at 11:20 pm

That’s a great question, Todd. To the best of my knowledge based on what I can find in the Facebook developers forum, if you are using HTML or FBML for your social plugin, you should be okay for now (although FBML is being deprecated so I would use HTML instead.) If you are using an IFrame to display the plugins’ content, you likely will need a SSL certificate. Most people are probably using the HTML code which should be okay without a SSL certificate.


Leave a Comment

Previous post:

Next post: