Facebook Pages SSL Deadline Approaches
This is not “new” news, but one that many internet marketers and Facebook Fan Page owners have been worried about for a few months now. Basically, Facebook is going to require that all Facebook Fan Pages (with Canvas apps, ie: Welcome Pages) and Applications have a valid SSL Certificate if they are hosted outside of Facebook.
Apparently more than 9 million Facebook users have already switched to secure browsing (Account > Account Settings > Security > Secure Browsing) so are already starting to see something like this when they visit a Facebook page or Application that has not yet switched to SSL:
For the general population, even if your page is harmless – seeing something like this is generally cause for alarm. I’ve already seen many people spreading the “scare” messages across their profiles and pages, people are scared and would rather browse away than take, what they see as a “risk”, to click on continue.
What that means for Business Fan Pages is fairly obvious – your visitor may not even visit your page, let alone click on your Like button, and even further they may start spreading around to their friends that your page is not secure :
I know, right?
You need to comply quickly – like now – today – before the deadline!
If you host your own welcome page on your own server, there are many different options, possibly some that I don’t even know about yet or are still in development, but generally the following is what many self-hosted fan pages are choosing:
Installing an SSL Certificate on your server
- Get your host to install a Domain-Validated SSL Certificate ($50-$150 + Annual Fee)
Every SSL certificate requires a domain name and a dedicated IP address and you can only have one IP address per account so only one private SSL certificate per cPanel – so installing a SSL certificate might require you to change server, or your host may not support it at all, so it might mean changing hosts, and your host may charge you an extra monthly or yearly fee on top of that. When you switch IP’s, your website might take up to 8 hours to update around the world so some people may not have access to your site while you switch to a dedicated IP address.
- Get your host to install a Multi-domain SSL ($150+ per 3 domains + Annual Fee)
A Multi-domain SSL Certificate supports up to 100 domains with a single certificate.
- Get your host to install a Wildcard SSL Certificate ($400+ per unlimited sub-domains + Annual Fee)
A Wildcard SSL Certificate supports unlimited sub-domains with a single certificate.
- And various other SSL Options including purchasing a SSL Certificate elsewhere that you are probably best to ask your host about first.
Pricing in Brackets above is Hostgator prices (which I paid for) but check out http://www.namecheap.com/ssl-certificates/ for some great bargains on SSL Certificates – just make sure you check with your host that you can purchase the SSL elsewhere and install it on their servers.
Using Shared SSL Certificate on your server
I only know how to do this on Hostgator (which I’ll be blogging about in a few minutes) but obviously Hostgator won’t be the only one offering this solution – check with your host about whether they have an existing shared SSL certificate that you can use. If they do – this is the easiest day you’ve ever had, you get the secure address from your existing information and then update it in your Facebook App settings and you’re done. Click here to read the step-by-step instructions for How to make your Facebook Fan Page SSL Secure – For Free with Hostgator.
Using a Third-Party Application or Server to serve or host your Fan Page
This one I haven’t really looked into in-depth because I chose to do the above, but there are facebook ssl hosting sites popping up all over the place, from offering to host the “SSL” part of your Fan Page (where you get to keep it hosted where it is and they will just server the secure part), to hosting your entire Fan Page (moving it to their server). I do not intend to update this post with all the options unless I get a client that needs this as a solution, in which case I’ll be sharing my findings here.
What I haven’t covered
What I haven’t covered is if you host your Facebook page on Facebook i.e.
- via FBML (which is not effected by this change – but even though you can add fbml pages via their “backdoor” links, it’s not reliable enough as a permanent solution – what if Facebook remove it completely? You’d be back to square 1!)
- via WordPress (it gets messy and that’s a blog for the near future)
- via applications like WildFire, TabPress, etc. (I don’t use them)
- or via Amazon S3 (looks too time-consuming for me but might be an option for some people if they only have 1 or 2 fan pages).
I also haven’t covered the other code changes that are also required by October 1st (that’s a whole new kettle of fish) but I definitely will be covering this in the future – I just haven’t got a full understanding of it myself yet.
Getting Further Information about Facebook Changes
You can check Facebook’s Developer Roadmap for any changes they might be adding and Facebook’s Developer Blog to get geeky updates specific to Facebook Developers (here is their specific blog post announcement on https).
Other Useful Resources
- S3Browser.com – How to Host an Entire Website on Amazon S3
- Hyperarts – Facebook Secure Browsing (HTTPS), iFrame Tabs & Mixed Content Warnings – April 18th, 2011
- Hostgator – What type of SSL / Secure Certificate do I need?