If you have created a custom tab or app for Facebook, and your tab or app displays content hosted on a server other than Facebook, you may be in for a rude surprise.
In an effort to protect its users with an added layer of security, Facebook has been pushing users to use https or secure browsing when using the site. And as of October 1, 2011, Facebook requires that all Page admins using custom tabs or apps obtain an SSL certificate. This SSL or “Secure Socket Layer” certification encrypts data online. It’s intended to protect users so that their information is not sent over insecure connections.
The announcement caught many unaware. It seems that small businesses and entrepreneurs, in particular, were not aware or only just are becoming aware in the past week as discussion has heated up. And now the deadline has passed.
So what is the current situation?
For a while there was some speculation that the deadline was being extended. However, that is not the case.
Facebook’s Developer Blog has an update stating that now that the deadline has passed, it will work to develop a new plan for limiting the distribution of custom pages and tabs that haven’t provided SSL. Translation: soon you won’t be able to display your custom tab or app to your audience without having an SSL certificate.
In the meantime, visitors to your custom tab or users of your Facebook app may see a message something like this:
Not very confidence inspiring in your Facebook page, right?
Who Is Affected?
Most of the big corporations using Facebook seem to have known about the requirement, but small businesses, especially those without in-house technical help, seem to be left in the dark. Cartoonist Mark Anderson of Andertoons  was unaware that he was required to obtain SSL for his custom Facebook tab  when we contacted him last week:
“I had no idea Facebook was requiring this, and frankly this is a problem I don’t have the time to address. I’d love to do more on Facebook, but it’s my least favorite of the social media [because of] problems just like this.”
Recap of the situation:
- If the Facebook Page or app you’ve created hosts custom code from somewhere other than on Facebook, you will have to comply if you don’t already. This means that if you created your own tab, such as a welcome tab, or your Web designer did it for you, you may need to follow the instructions here . Contact your Web developer who created the app or tab, or contact your hosting company to get an SSL certificate added.
- Any tab created through Facebook’s platform is secure and will show up normally. If you just used Facebook’s tools alone you should be fine.
- If you used a third party app or service like Pagemodo to create a custom tab on your Facebook page, you are probably OK. Most of the third party providers comply already – as Pagemodo indicates in this blog post. But check your third party provider to be sure.