Facebook Pages SSL Deadline Approaches

with 14 Comments IN Marketing & Wordpress

Facebook Pages SSL Deadline ApproachesOctober 1st Facebook SSL Deadline is Fast Approaching

This is not “new” news, but one that many internet marketers and Facebook Fan Page owners have been worried about for a few months now. Basically, Facebook is going to require that all Facebook Fan Pages (with Canvas apps, ie: Welcome Pages) and Applications have a valid SSL Certificate if they are hosted outside of Facebook.

Apparently more than 9 million Facebook users have already switched to secure browsing (Account > Account Settings > Security > Secure Browsing) so are already starting to see something like this when they visit a Facebook page or Application that has not yet switched to SSL:

Facebook Turn Off Secure Browsing Fan Page SSLFor the general population, even if your page is harmless –  seeing something like this is generally cause for alarm. I’ve already seen many people spreading the “scare” messages across their profiles and pages, people are scared and would rather browse away than take, what they see as a “risk”, to click on continue.

What that means for Business Fan Pages is fairly obvious – your visitor may not even visit your page, let alone click on your Like button, and even further they may start spreading around to their friends that your page is not secure :

I know, right?

You need to comply quickly – like now – today – before the deadline!

If you host your own welcome page on your own server, there are many different options, possibly some that I don’t even know about yet or are still in development, but generally the following is what many self-hosted fan pages are choosing:

Option 1

Installing an SSL Certificate on your server

  • Get your host to install a Domain-Validated SSL Certificate ($50-$150 + Annual Fee)
    Every SSL certificate requires a domain name and a dedicated IP address and you can only have one IP address per account so only one private SSL certificate per cPanel – so installing a SSL certificate might require you to change server, or your host may not support it at all, so it might mean changing hosts, and your host may charge you an extra monthly or yearly fee on top of that. When you switch IP’s, your website might take up to 8 hours to update around the world so some people may not have access to your site while you switch to a dedicated IP address.
  • Get your host to install a Multi-domain SSL ($150+ per 3 domains + Annual Fee)
    A Multi-domain SSL Certificate supports up to 100 domains with a single certificate.
  • Get your host to install a Wildcard SSL Certificate ($400+ per unlimited sub-domains + Annual Fee)
    A Wildcard SSL Certificate supports unlimited sub-domains with a single certificate.
  • And various other SSL Options including purchasing a SSL Certificate elsewhere that you are probably best to ask your host about first.

Pricing in Brackets above is Hostgator prices (which I paid for) but check out http://www.namecheap.com/ssl-certificates/ for some great bargains on SSL Certificates – just make sure you check with your host that you can purchase the SSL elsewhere and install it on their servers.

Option 2

Using Shared SSL Certificate on your server

I only know how to do this on Hostgator (which I’ll be blogging about in a few minutes) but obviously Hostgator won’t be the only one offering this solution – check with your host about whether they have an existing shared SSL certificate that you can use. If they do – this is the easiest day you’ve ever had, you get the secure address from your existing information and then update it in your Facebook App settings and you’re done. Click here to read the step-by-step instructions for How to make your Facebook Fan Page SSL Secure – For Free with Hostgator.

Secure Canvas URL - Secure Page Tab URL

Option 3

Using a Third-Party Application or Server to serve or host your Fan Page

This one I haven’t really looked into in-depth because I chose to do the above, but there are facebook ssl hosting sites popping up all over the place, from offering to host the “SSL” part of your Fan Page (where you get to keep it hosted where it is and they will just server the secure part), to hosting your entire Fan Page (moving it to their server). I do not intend to update this post with all the options unless I get a client that needs this as a solution, in which case I’ll be sharing my findings here.

Option 4

What I haven’t covered

What I haven’t covered is if you host your Facebook page on Facebook i.e.

  • via FBML (which is not effected by this change – but even though you can add fbml pages via their “backdoor” links, it’s not reliable enough as a permanent solution – what if Facebook remove it completely? You’d be back to square 1!)
  • via WordPress (it gets messy and that’s a blog for the near future)
  • via applications like WildFire, TabPress, etc. (I don’t use them)
  • or via Amazon S3 (looks too time-consuming for me but might be an option for some people if they only have 1 or 2 fan pages).

I also haven’t covered the other code changes that are also required by October 1st (that’s a whole new kettle of fish) but I definitely will be covering this in the future – I just haven’t got a full understanding of it myself yet.

Getting Further Information about Facebook Changes

You can check Facebook’s Developer Roadmap for any changes they might be adding and Facebook’s Developer Blog to get geeky updates specific to Facebook Developers (here is their specific blog post announcement on https).

Other Useful Resources
Penny (PennyButler.com)
Penny (PennyButler.com)

Who are we? What are we doing here? What is the meaning of life? Penny is a truth-seeker, ever-questioning, ever-learning, ever-researching, ever delving further and deeper down the rabbit hole. This site is a legacy of sorts, a place to collect thoughts, notes, book summaries, whilst providing a searchable archive to easily lookup and reference.

14 Comments

  1. Ulf says:

    You forgot to mention the possibility of using free SSL certificates. Check out the following site for more information:

    http://www.lazerwire.com/2011/10/facebook-dev-free-ssl-certificates.html

    1. Penny Butler says:

      Hiya Ulf, I have the guide on how to use the free certificate on Hostgator (and similar hosts) here: http://pennybutler.com/facebook4biz/fan-page-ssl-hostgator/ , but it’s always good to see if there are any other free ways of doing it.

      I just went to your post, and to Jason’s which is the guide you recommended in your post, but it looked a bit (very) confusing for those that don’t know how to setup “chains” and what to do when they see a code like this “openssl req -new -newkey rsa:4096 -days 365 -nodes -keyout example.com.key -out example.com.csr” ?? eh? My eyes went cross-eyed and my brain started to hurt lol..

      .. and for those who don’t know how to configure apache.. maybe you should do a more step-by-step screenshot-by-screenshot guide for what Jason is talking about lol and also.. can you let me know if you have tried the StartSSL certs? Aside from having to renew each year, Jason’s post seems to suggest that it won’t work in Chrome ? I thought “IE” was meant to be the evil browser that people switch away from, he’s suggesting people switch away from Chrome? After Google worked so hard to get those old IE people onto it? hehe :) Yikes! :)

    2. Ulf says:

      Hi,

      You are absolutely right. The free certificates from StartCom are for expert users only or maybe for students setting up their own webserver at home. Chained SSL certificates can be quite tricky to configure. Personally I have not yet used any certificates from StartCom since we normally use certificates from Thawte (http://www.thawte.com/) in our production environment. Our clients require higher security than what is offered by the free SSL certificates.
      Never the less, it is a free option for those who are considering developing a Facebook App on a small budget. For students is also worth mentioning that it is possible to find free webhosting for your Facebook App, both on Linux and Windows servers. Some of them also offer free MS SQL server databases and free shared SSL support (as mentioned in your previous article).
      I have compiled a small list of free webhosting providers at http://www.lazerwire.com/2011/10/facebook-dev-free-webhosting-for-your.html. I’m sure that you can find even more free webhosts by searching on Google.

  2. Alan says:

    Hi, I just came across your post and it gave me great info on ssl. My comment is probably the last one you’ve seen in a long time.
    Anyway, I need some confirmation whether I did it right.
    As you can see I have a Facebook page.

    I got from HostGator a shared SSL https://secure123.hostgator.com/~username/domainname.com/ and inserted this in the Secure Tab URL. Is that all to it?

    I also read that the contents need to be hosted as well to make it completely secure. The people at HostGator did not mention anything about hosting contents.

    BTW, how do I host the fanpage contents when all I did was create the fanpage in Facebook, put in a couple of images, wrote some posts.
    Thank you.

    1. Penny Butler says:

      Hiya Alan,
      If you have a normal (not a reseller) hostgator account, the url should look more like https://secure123.hostgator.com/~jimmy/fbfanpage/
      Yours has the whole domainname.com so I dont think it will work.. it needs to be the path to your fan page, if “jimmy” was my cpanel name, the path already knows which domain name you are on so you don’t need to list it again (unless you have an addon domain).

      If I had an addon domain.. I would have to add the domain folder to the url, i.e. https://secure123.hostgator.com/~jimmy/ADDON-DOMAIN-FOLDER-NAME/fbfanpage/

      If my fan page was http://www.domain.com/myfanpage/index.php then my secure url would be https://secure123.hostgator.com/~cpanelnameformydomain/myfanpagefolder/index.php

      The contents are working fine with the new url for me because I am using relative paths (i.e. image.jpg or ./image.jpg) … but if you have direct url’s to the “domainname.com/image.jpg” then this method is not going to be fun for you because you’ll have to change the images to be the secure url (https://secure123.hostgator.com/~jimmy/images/image.jpg) or relative paths.

  3. Pingback: Jan Kearney
  4. Kenneth says:

    Much appreciated for the information and share!

  5. Pingback: filination
  6. Pingback: Penny Butler
  7. Pingback: Ballarat Marketing
  8. Pingback: Penny Butler
  9. Pingback: Penny Butler
  10. Pingback: Ballarat Marketing

Leave a Reply

Your email address will not be published. Required fields are marked *