Today, in the wake of daily data breaches, everyone from website admins to network security experts to millions of users around the world is worried about the security of their private data. 2014 seems to have become the year of data breaches, as millions of users’ login credentials and sensitive information have been stolen via attacks. In the fight against breaches, it’s all about web security.

Facebook’s Plan to Enhance User Security

Social networking giant Facebook is also worried about its users’ security, which is why, back in May 2011, Facebook announced that every site and app has to migrate to OAuth 2.0 by Sep 1, 2011, and to HTTPS (validated with an SSL certificate) by Oct 1, 2011.

Basically, all Facebook applications must be secured with OAuth 2.0 and an SSL certificate.

Facebook Apps Security

Why is an SSL Certificate a prerequisite for Facebook Apps?

Web platforms ask their users for credentials when they try to access social networking websites or other websites. When the website being visited has a suitable SSL certificate installed, users get a more comfortable and flexible environment for their future transactions over the web. Strong encryption prevents unauthorized access to credentials while they are exchanged with a web platform over the Internet.

Facebook applications request user data such as name, email address, birth date, etc. All of this information is crucial from the user’s perspective, and users expect the security of their information to be a priority before they involve themselves in an application. Facebook has already started its new revolution, and it’s called “Each Facebook App must be secured with HTTPS”.

Which SSL certificate is required for my Facebook App?

This question may arise in every Facebook app developer’s mind when deciding which SSL will be best for their app. There are many SSL certificates available on the market, so you’ll want to make sure to choose the right one to run your app successfully.

Selecting the perfect SSL certificate for your Facebook application depends on where the application is located.

(1) If a Facebook app is in a sub-directory

If your Facebook application is located in a sub-directory (such as yourdomain.com/fb-app-1, yourdomain.com/fb-app-2, yourdomain.com/fb-app-3, etc.), then, as per security industry experts, a Domain Validated (DV) SSL certificate protects any sub-directory based Facebook application.

(2) If a Facebook app is in a subdomain

If you own multiple Facebook apps and you have located all apps in subdomains (such as fb-app-1.yourdomain.com, fb-app-2.yourdomain.com, fb-app-3.yourdomain.com, etc.), then you require a wildcard SSL certificate, as you need to protect all your subdomains with a single certificate.

According to web security analysts, applications located in subdomains have been secured with a COMODO PositiveSSL Wildcard or RapidSSL Wildcard certificate. Both of these Certificate Authorities (CAs) have already secured plenty of Facebook applications with a strong 256-bit hash algorithm. They are trusted by 99.99% of mobile and desktop web browsers.

(3) If a Facebook app is on multiple domains

If you own multiple Facebook apps which are hosted under different names and located in different locations on your server (such as yourdomain-1.com/fb-app1, yourdomain-2.net/fb-app2, yourdomain-3.apps/fb-app4, etc.), then you need an SSL certificate which offers security for both multiple domains and subdomains.

A Comodo UCC (Unified Communication Certificate) or Comodo Positive Multi-domain Wildcard SSL Certificate is a perfect choice: it allows users to secure multiple fully qualified domains and unlimited sub-domains with a single certificate.

(4) Facebook applications that handle transaction processing

If you have a Facebook application that handles transactions and/or processes sensitive data, then we would recommend a higher security SSL certificate that also provides more apparent trust indicators, such as an EV SSL Certificate.

We would suggest either a Comodo EV SSL or a GeoTrust True BusinessID with EV SSL Certificate.

How do I secure my Facebook Application?

Before setting up your SSL certificate for your Facebook application, please make sure you have completed the following:

  1. Ensure that your new certificate has been issued by a trusted Certificate Authority (CA). This also means that your certificate is “active.”
  2. Make sure you generate a CSR code, which will come from your server.
  3. Allocate a dedicated IP address for your application (your app must be hosted on a dedicated IP address).
  4. Install the SSL certificate on your server.

Here’s the SSL certificate installation guide for different servers and operating systems that may help you to install SSL – https://cheapsslsecurity.com/blog/ssl-certificate-installation-guides/

Once the SSL certificate installation process completes, the very next step is to copy the Canvas URL and Page Tab URLs.

Securing your Facebook Canvas URL & Page Tab URL

  1. First, log in to your Facebook account and visit https://developers.facebook.com.
  2. Click on the Apps tab and select the app that you wish to secure.
  3. Now click on Settings.
  4. Here, under Facebook Canvas, update the Secure Canvas URL with the server location of your application.
  5. Now move to Page Tab; here you need to update the Secure Page Tab URL with the server location of your index file.
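As an added example (not part of the original article or of any vendor tooling), the Python sketch below maps a list of app URLs to cases (1) to (3) above and checks whether the names in a certificate actually cover the host of each Secure Canvas URL or Secure Page Tab URL. The function names, the two-label `base_domain` heuristic and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Return the lowercase hostname of an app URL; reject non-HTTPS URLs."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an HTTPS URL: {url!r}")
    return parts.hostname.lower()

def san_matches(san, host):
    """Match one certificate name against a hostname.

    A wildcard is honoured only as the whole left-most label and covers
    exactly one label: *.example.com matches a.example.com but neither
    example.com nor a.b.example.com.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]

def uncovered(sans, urls):
    """Return the URLs whose host no certificate name covers."""
    return [u for u in urls if not any(san_matches(s, host_of(u)) for s in sans)]

def base_domain(host):
    # Assumption: the registrable domain is the last two labels. Real
    # deployments should consult the Public Suffix List (e.g. for .co.uk).
    return ".".join(host.split(".")[-2:])

def certificate_scope(urls):
    """Map a set of app URLs to the article's cases (1) to (3)."""
    hosts = {host_of(u) for u in urls}
    if len({base_domain(h) for h in hosts}) > 1:
        return "multi-domain"   # case (3): apps spread over several domains
    if len(hosts) > 1:
        return "wildcard"       # case (2): several subdomains of one domain
    return "single-name"        # case (1): one host, apps in sub-directories

if __name__ == "__main__":
    # Constructed sample: two subdomain apps plus one on the bare domain.
    apps = ["https://fb-app-1.yourdomain.com/canvas/",
            "https://fb-app-2.yourdomain.com/tab/index.php",
            "https://yourdomain.com/fb-app-3/"]
    print(certificate_scope(apps))               # which kind of certificate
    print(uncovered(["*.yourdomain.com"], apps))  # hosts the wildcard misses
```

Running it on the constructed sample shows that a wildcard name alone does not cover an app served from the bare domain, so that name has to be present in the certificate as well.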

What if my Facebook App is not secured using an SSL Certificate?

Facebook has already announced that every application, in every category, must have a secure connection with HTTPS (validated with an SSL certificate). An app without an HTTPS connection will be placed into the sandbox as per the Facebook Application Guideline, and an application without an SSL certificate will not be updated to live status until it migrates to OAuth 2.0 & HTTPS.
