SSL woes

Looking at your Autotune history, if the domain your testing from starts with "square", the padlock issue is not from JFBConnect. It looks to be coming from your RokAjaxsearch module. How do I know? Why No Padlock? tells me so

The file causing the problem is:
v1/modules/mod_rokajaxsearch/themes/blue/search-icon.png

That file actually doesn't exist, which can cause browsers to throw the insecure issue as well. Either fix the CSS or put a placeholder dummy file in that position.

Error
SSL Verification Failed. Set 'Disable SSL Certificate Validation' to Yes in the JFBConnect Configuration
Facebook API Error: SSL certificate problem: unable to get local issuer certificate
Facebook Application configuration could not be loaded. Please check your App ID and Secret Key

This is a completely separate issue. This means that your server is having trouble making outgoing connections to Facebook securely and is unable to verify that Facebook's SSL certificate is valid. To fix this, you'd need to either:
* Contact your host and have them update their Root SSL Certificate store
* Enable that setting for "Disable SSL Certificate Valdiation" in JFBConnect so that your server will ignore certificates it can't fully verify.

I hope that helps,
Alex

I just found that site. Never heard of it myself, but seems pretty slick and (at least) found something.

As for your SSL issue, you mention:

but I still get an issue if I use SSL with Facebook.

What do you mean by this? Is this only in the admin area when running Aututone, or when you enable the JFBCSystem plugin, or something like that? Just trying to narrow down what error you're seeing or issue we're trying to investigate.

Is there an actual error message you see, or is it just that the padlock is still yellow?

Thanks,
Alex

I agree that the padlock issue isn't from JFBConnect. Over the years, we've had a few hard-coded http:// links, but we've been chastised enough over that and don't think there's anything like that now.. We also run strict-SSL on this site, and most of our pages have the green padlock (and the few that don't aren't JFBC's fault!)

I've checked the app ID and secret key, and if I turn off SSL in the Facebook section it all seems to work, I just don't understand why I need to.

The cause isn't your App ID or Secret key. The setting that you're enabling is telling your server (cURL, specifically) that it doesn't need to validate the SSL certificate of Facebook. The error your getting happens when your servers SSL root certificates aren't completely up to date and, when making the outgoing connection to Facebook, the SSL certificate they respond with can't be fully verified.

It has nothing to do with your own SSL certificate on your site. Your outgoing connection to Facebook is also still encrypted. By enabling the setting in our options, though, you're losing a slight bit of security because there could be a 'man in the middle' with a fake certificate posing as Facebook. Chances are unlikely that that's happening, but it's always best to try to narrow down why your server can't validate their certificate (which usually means contacting your host and having them update the root certs).

I hope that helps explain,
Alex

Yes, the problem looks to be on our end. We're looking into the cause, but it looks like one of the newer root certificates that *our* side would use to authenticate your server isn't up to date.

Sorry for the confusion. SSL is always a fun thing to deal with...

Just so you know, I checked your site for all the issues that our Autotune tool would normally detect, and there were no issues found. If you're running into any problems with features or functionality in JFBConnect, just let me know.

Thanks,
Alex

There's nothing you can do. It's not an issue with your site at all. It's completely an issue on our server with not being able to validate the *correct* SSL certificate on your site. We'll need to update our root certificate store to better validate your cert, and it may take a few days to do so.

If you are having any issues, other than checking your site on Social Debug, please let me know, and we'll gladly help investigate.

Thanks,
Alex