Using SSL with Your RSS Feeds

Article sections

    When Google announced their push to fully embrace secure websites and eventually begin to decrease the ranking of any non-secure site, the world took notice. Since then, other providers, services, even browser developers have joined the march to securing the internet.

    With that, Apple Podcasts/Apple Podcasts and other podcast directories have begun to strongly encourage the use of SSL on RSS feeds, while others outright require it.

    What is SSL?

    There are a few terms worth understanding in order to then understand what you need for your podcast’s online properties. Let’s define some of those terms.

    SSL

    SSL, or Secure Socket Layer, was a protocol based on cryptography whose purpose was to encrypt data between two applications. Most people, when referring to security online, still reference SSL. However, SSL was replaced with TLS.

    TLS

    TLS, or Transport Layer Security, is the current cryptography protocol in use. This protocol will encrypt data between two applications, typically, we think of these applications as the web browser, and the web server software. That said, this can be used in other applications as well, such as email, or even podcast applications.

    For example, a website secured with an SSL certificate will encrypt data during your visit on that site between your web browser and the web server. It does not encrypt data ON the server itself. Data that gets stored on the server is encrypted using other means.

    SSL Certificate

    An SSL certificate is an electronic document that includes important information (which is not human readable) which is used as proof to whatever application is asking that this site or this thing is who it says it is, and is to be trusted.

    SSL certificates can be purchased from a certificate authority, or a CA reseller. pair Networks offers a range of certificate options which can be found here.

    I need a secure RSS feed for my Podcast. How do I get one?

    If you are hosting at Libsyn and using the Libsyn generated RSS feed URL, your RSS feed is already available securely. You can call your site using HTTP or HTTPS, they both will work. For example:

    http://thefeed.libsyn.com/rss

    Non-Secured RSS Feed

    https://thefeed.libsyn.com/rss

    Secured Feed

    Note: If you are using a custom domain, please reach out to our support staff for assistance.

    I host my own RSS feed. How do I secure that feed?

    This will depend on how you are generating your RSS feed. In most cases, the RSS feed is tied to your website. Setting up the SSL certificate on your site would then cover your RSS feed as well.

    Double check with the software used to generate the feed, and with your web host to make sure your secure configuration for your feed is correct.

    Will Apple Podcasts require a secured RSS feed?

    Apple Podcasts currently encourages, and accepts RSS feeds, but does not yet require them. Libsyn is working with the team at Apple Podcasts, as well as internally, to ensure any feed that was submitted using a non-secure URL can be converted to a secure URL without any negative affect on your audience.

    I need a secure website. How do I get one?

    If you are using Libsyn’s Podcast Page, similar to the RSS feed, simply calling the page securely using ‘HTTPS’ will give you what you are looking for. For example:

    http://thefeed.libsyn.com

    Non-Secured Podcast Page

    https://thefeed.libsyn.com

    Secured Podcast Page

    Note: If you are using a custom domain, please reach out to our support staff for assistance.

    Libsyn currently does not force SSL ((meaning only “https” can be used, “http” would automatically redirect to “https”). Both non-secure and secure will be accessible on Libsyn URLs.

    If you need assistance with your podcast page, reach out to support@libsyn.com.

    If you have your own website, then you will need to do a few things to enable an SSL certificate on that site.

    1. Purchase an SSL certificate from a Certificate Authority
    2. Contact your web hosting provider and request they install your certificate on your site
    3. Make sure every image, asset, and internal link is called securely (otherwise you will get an error visiting the site in your browser regarding the certificate setup)
    4. If you wish to force SSL, you will need to setup redirects to do so, which your web hosting provider can assist you with.

    Have your own website? pair Networks can assist with procuring, installing, and configuring your SSL certificate if you host with them. Contact pairssl@pair.com to get started.

    in Podcast ProducersPublishing Destinations
    Close Menu