October 1st, 2011 is the deadline for Facebook apps to use secured URLs. So… this is an app thing right? What has that got to do with you and your Facebook Pages?

Here’s what. If you have created custom tabs for your Pages and you host these customized tabs yourself; Or, if you used a WordPress plugin to create content for your Page, guess what? You most likely have created a Facebook app. You didn’t know you were a developer did you 😉

How to be sure?

Step 1: Go to your own Facebook Page. Take a peek at the tabs (links) down the side on the left. Are there any tabs there that you created yourself?

If there are and you used a Facebook app to create it – and you are pretty sure you didn’t create this app then go ask the app creators or check out their pages and web site to see if they have taken steps to support this change. They should.

If you still have no idea whether you are hosting the content on the tab yourself, using Firefox or Chrome, click on the tab. Right click anywhere on the tab content – make sure it’s not on the Facebook portions – select “Open Frame In New Tab“.

On Chrome it would be “View Frame Source”

You’ll see your content or the source of that content in your browser. Take a look at the URL in the address bar. If it is your site – bingo! You need to make this page secured.

Oh no! Now what?

Relax it is truly not as difficult or scary as you might think.

Step 2: Determine which domain the page lives on, then go purchase an SSL certificate for that domain. You can purchase this anywhere really. I purchased ours through our web host. So the best people to ask is them. There is no need to spend hundreds for a top level cert here. Get the most basic one.

SSL certs get really expensive if you want wildcard SSL and extra checks on your business. Wildcard SSL certs is for when you want it to work on both www, non-www and any sub-domains you have or may create in the future.

For something like this is not necessary. Pick with or without www and remember to stick to it because https://yoursite.com and https://www.yoursite.com are not the same thing for SSL certs.

You also need to purchase a dedicated IP from your host. There is no way around this. All SSL certs have to run on a dedicated IP. In short there will be an extra expense involved every month some hosts only charge a couple of dollars extra and some charge more. Bottom line – get up with your host, have them install both. You really do not want to do this yourself.

Once a certificate is purchased, you may be asked to verify or complete some information that is normal and required. After all, that’s the point of a secured certificate, that your information is verified by a third party and hence much more trustworthy and those without.

Got it! What’s next?

Step 3: This will be easy. Go to Facebook developers. This is a direct link to your apps. Click on the app that is used to display the custom tab.

Then,  Edit App.

Scroll to where it says Page Tab. In the box next to Secure Page Tab URL – simply change out http to https. If you have a canvas that refers to your site, you’ll have to do that for the Secure Canvas URL box too.

Save your changes.

Check it

Step 4: Make sure you test it. I like to open up a browser I rarely use – like Internet Explorer :-), clear all the browser cache, saved information, and certificate caches. Then visit my Page and click on the tab in question. You don’t have to do that of course but doing all that lets me start from fresh and simulate a user who has never been to my sites or Page before.

If there are no complaints from your browser about some information is secured and others are not then you’re good.

Multiple tabs and domains

What if you have multiple pages with a bunch of different tabs hosted on several domains? You have two choices. Purchase a cert and IP for each of those domains (ouch!) or you can simply think ahead before starting everything and purchase a certificate only for one domain. Then host all your Facebook Page tabs on that domain. The down side to that is, if you’re using a WordPress plugin, the SSL will only work on the domain you purchased the certificate for.

Unfortunately, there is some thinking and planning to be done 🙁 here but a secure certificate is always a good thing. Especially if you sell stuff and host the cart yourself. Here’s an idea. You could also turn your paid content areas like the download or members’ area into secured pages. Not many membership sites do that but your members might appreciate you if you did.