Be Warned: Facebook And The SSL

If you host any custom Facebook content outside of Facebook (since Facebook's switch from FBML to iFrame, that probably means most of you), then you may or may not know that from 1 October 2011, ALL Facebook content must be hosted on secure servers with a valid SSL certificate.

Right now, a lot of users log in to Facebook with secure connections and if your content isn’t covered by a secure server, they receive a message saying your connection is insecure.

Bear in mind, that is a big company – Carlsberg – one of the best known names in the alcohol industry and even they’re not ready for the switch over yet – so don’t feel too bad if you haven’t started getting ready.

But given everything you hear on a near daily basis about Facebook data security and privacy, if the words ‘Turn off secure’ flash up before a user’s eyes, they MIGHT well click on that continue button and carry on, or they MIGHT decide to keep their security, and you lose the customer and the like.

All over a small change you haven’t made yet. Well in a nutshell, here is what you need to know:

  • The changes are coming into effect on 1 October 2011 so you need your custom, externally hosted Facebook content sorted out before then.
  • The domain you are hosting your Facebook content on will need a valid SSL certificate.
  • You will need to use the ‘Secure Canvas URL’ and ‘Secure Tab URL’ in the app development section to keep your content working.

Those are the basics really – make sure you have your SSL certificate ready before 1 October 2011 and get your app settings updated to use the secure URL.
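
If you want to check a URL yourself before pasting it into the ‘Secure Canvas URL’ or ‘Secure Tab URL’ field, the script below is one way to do it. It is an added example, not part of the original post and not a Facebook tool; the 30-day renewal margin and the sample certificate date are assumptions made for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone
from urllib.parse import urlsplit

MIN_DAYS_LEFT = 30  # assumption: warn when the certificate is this close to expiry

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"notAfter": "Oct  1 00:00:00 2012 GMT"}

def secure_url_problems(url):
    """Reasons a URL is unfit for a Secure Canvas/Tab URL field (empty list = fine)."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is %r, not https" % parts.scheme)
    if not parts.hostname:
        problems.append("no hostname")
    return problems

def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def fetch_cert(hostname, port=443, timeout=10):
    """Handshake with chain and hostname verification on; an untrusted,
    expired or wrong-host certificate raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def check(url):
    """Full check for one URL; returns a list of problems."""
    problems = secure_url_problems(url)
    if problems:
        return problems
    parts = urlsplit(url)
    try:
        cert = fetch_cert(parts.hostname, parts.port or 443)
    except (ssl.SSLError, OSError) as exc:
        return ["TLS check failed: %s" % exc]
    left = days_until_expiry(cert)
    return [] if left > MIN_DAYS_LEFT else ["certificate expires in %d days" % left]

if __name__ == "__main__":
    for u in sys.argv[1:]:
        print(u, check(u) or "OK")
```

Run it with your own URLs as arguments; anything other than "OK" is what a visitor browsing securely would run into.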
If you’re not sure what you need to do or whether you’re in the clear, drop us a quick message and we will point you in the right direction and get you there for free.

As always, if you think this info might be useful to someone else – your friends, colleagues, networks, social networks – please remember to retweet, share on Facebook and update on LinkedIn. We’d love to help as many people as possible avoid these silly little mistakes which can trip you up.



  1. How do you test this like you did on Carlsberg’s website?

    • When you’re on Facebook, in the top right, click the drop down arrow and find account settings.

      Then go to security settings on the left hand tab. The first option on there is about secure browsing. Make sure it is enabled. That way you will be able to see which apps and pages are and aren’t on SSL certified hosting. 

      Feel free to let me know if you have any more questions.

  2. This appears not to have happened, do you know why not? I use Static HTML: iframe tabs that use images that link to a non SSL domain. I can also find nothing on Facebook that supports what you are saying – do you have a link to official Facebook info concerning this?

  3. Your page is so fantastic! It's a great pleasure reading your post. It's full of information I am looking for and I love to post a comment on the blog.

  4. Thank you, you guys are discussing here nice topic… I am feeling great after reading this kind of blog. Nice information… thank you so much…

  5. What is meant by SSL, and how is this involved in technologies?