Yes, New SSL Requirements for Custom Facebook Tabs / Apps Now in Effect

If you have created a custom tab or app for Facebook, and your tab or app displays content hosted on a server other than Facebook, you may be in for a rude surprise.

In an effort to protect its users with an added layer of security, Facebook has been pushing users to use https or secure browsing when using the site.  And as of October 1, 2011, Facebook requires that all Page admins using custom tabs or apps obtain an SSL certificate.   This SSL or “Secure Socket Layer” certification encrypts data online. It’s intended to protect users so that their information is not sent over insecure connections.

The announcement caught many unaware. It seems that small businesses and entrepreneurs, in particular, were not aware or only just are becoming aware in the past week as discussion has heated up. And now the deadline has passed.

So what is the current situation?

For a while there was some speculation that the deadline was being extended.  However, that is not the case.

Facebook’s Developer Blog has an update stating that now that the deadline has passed, it will work to develop a new plan for limiting the distribution of custom pages and tabs that haven’t provided SSL.  Translation:  soon you won’t be able to display your custom tab or app to your audience without having an SSL certificate.

In the meantime, visitors to your custom tab or users of your Facebook app may see a message something like this:

SSL Certificates for Facebook Pages

Not very confidence inspiring in your Facebook page, right?

Who Is Affected?

Most of the big corporations using Facebook seem to have known about the requirement, but small businesses, especially those without in-house technical help, seem to be left in the dark. Cartoonist Mark Anderson of Andertoons was unaware that he was required to obtain SSL for his custom Facebook tab when we contacted him last week:

“I had no idea Facebook was requiring this, and frankly this is a problem I don’t have the time to address. I’d love to do more on Facebook, but it’s my least favorite of the social media [because of] problems just like this.”

Recap of the situation:

  • If the Facebook Page  or app you’ve created hosts custom code from somewhere other than on Facebook, you will have to comply if you don’t already. This means that if you created your own tab, such as a welcome tab, or your Web designer did it for you, you may need to follow the instructions here. Contact your Web developer who created the app or tab, or contact your hosting company to get an SSL certificate added.
  • Any tab created through Facebook’s platform is secure and will show up normally. If you just used Facebook’s tools alone you should be fine.
  • If you used a third party app or service like Pagemodo to create a custom tab on your Facebook page, you are probably OK. Most of the third party providers comply already – as Pagemodo indicates in this blog post. But check your third party provider to be sure.

More in: 8 Comments ▼

Susan Payton Susan Payton is the Communications Manager for the Small Business Trends Awards programs. She is the President of Egg Marketing & Communications, an Internet marketing firm specializing in content marketing, social media management and press releases. She is also the Founder of How to Create a Press Release, a free resource for business owners who want to generate their own PR.

8 Reactions
  1. There are a couple of options that don’t force the Page owner to pay for an SSL certificate which is especially helpful for folks who don’t already have a hosted domain.

    1. Use one of the iframe apps instead of the developer app. Many of the better ones offer secure hosting for the HTML. Some even offer secure hosting for images. I personally recommend the Static HTML app.

    2. Set up an Amazon S3 account. It’s free for the first year and then only costs pennies a month thereafter.

    3. Use Dropbox. They give you 2GB of storage for free which is more than enough. You can put anything that is on your page like graphics, photos, and videos in the public folder of your Dropbox and then use the provided public link in your iframe page.

  2. Thanks you for this important information, Susan.

    I heard about it a couple of weeks ago, I think, but being a one-man-show and all, I forgot.

    I’ll be back in a bit.

    Checking my Facebook Pages…

    The Franchise King®

  3. I’m personally tired of all the changes with Facebook, just like many people. But it’s one of the biggest social networks so what can we do? I like Facebook just the way it is so why does it keep changing? Here’s some encouragement for all those who feel frustrated by all the Facebook changes, like myself… [Billy Joel…guess which song it is?]

  4. The iframes app at provides an iframe SSL version and is fully compliant with all of the recent Facebook changes. Includes a free version too.

  5. Question: I just upgraded all of my tabs to meet the SSL requirements. However, today I received a warning the 3 of my apps dont have secure browsing and will soon be turned off, those apps are: Photos, Events and Questions. Isnt facebook responsible for the upgrade on these apps? c’mon……

  6. I also find these changes super annoying. But then again, change is the only constant. Thanks for this informative piece.

  7. SSL companies and facebook, now everyone is happy except the app developers.