I have tested Start SSL certificates, and they work fine on all browsers in Windows XP, and even most mobile handsets. I did not find any advantage in low-end certs (

I tested on:

Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Firefox 6 Google Chrome Safari Android browser Android Opera Nokia Symbian opera Iphone browser Blackberry browser

You may be able to use a Self Signed certificate but it will throw up browser warnings because your certificate isn't included in the ones that are trusted. To get a proper certificate you need to pay and get one through a Certificate Authority

According to this forum post on the FB Developer Forums you should be able to:

Facebook has not set up any requirements for the SSL certificate, but in the interest of your users not being showed an invalid signature dialog (It's looking pretty dangerous in firefox, while it's not dangerous at all having a self-signed cert) you should get a certificate for somewhere around 10$/Yr.

However the wording on the Developer Roadmap suggests that you actually need to obtain a certificate. You could get the minimum required certificate for about $10/year and could save quite a few headaches

I have written a proxy which can be run in heroku.com and this will show your app in an ssl domain like https://your-app.herokuapp.com

Fortunately this problem is now solved with the free LetsEncrypt certificate. Hail the end of the SSL corporate maffia! :) https://letsencrypt.org/