CODEWITHSUNDEEP
phpfacebookssl
user1793721
user1793721

Reputation: 29

Facebook app user reporting wrong ssl but we can not replicate

We have created a facebook app for competition entries to fall in line with facebooks T&C's. It has been running for a few months without any issues but only having a small number of entries.

We recently increased the prize and have seen the number of entries rise by over 900%. The app would only continue if you had liked the our company page but suddenly we had reports of poeple saying they liked the page but couldn't continue. The easiest solution was to remove that code for the time being.

This seemed to solve most peoples issues but someone has reported back stating that their browser reported back saying the content was insecure because of a self signed ssl. The SSL installed is alpha ssl and when we connect it is the certificate we recieve. our host is a plesk parallels panel and this guy is receiving the standard self signed certificate but we cannot replicate.

what I want to know is if there is anyway of the certificates conflicting or browsers caching them or any ideas on resolving this.

Upvotes: 2

Views: 125

Answers (1)

Shane Fright
Shane Fright

Reputation: 385

There is no browser thing that will come up that tells you a certificate is "self signed" that i know of. First off confirm that your SSL is setup properly using a tool like this:

http://www.sslshopper.com/ssl-checker.html

So long as everything passes there what it sounds like you are describing is that there is insecure content being rendered on your secure page. Different browsers treat this differently. In Chrome for example, you simply get a warning icon to the left of the address bar, however last time i checked IE8/9 will give you a pop up error message before letting you continue to load the rest of the page.

For example on your page:

https://www.example.com/

You are including jquery from Google's CDN with the tag: 

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>

Users in some browsers will receive the error message i described. If you change the path to https:// or remove the scheme entirely and just use //ajax.google..... you will be fine.

Upvotes: 1

Related Questions