Facebook requires a SSL hosting for OAuth apps
Since October 2011, Canvas apps and page tabs have to use OAuth 2.0 and a SSL hosting.
A SSL certificate must then be installed on your host. A 3 factors' authentication certificate is perfectly adapted.
More information about OAuth 2.0 here: https://developers.facebook.com/docs/oauth2-https-migration/
Which certificate for your Facebook app?
In fact, Facebook accepts any kind of SSL certificate, including self-signed certificates (the self-signed certificate of Plesk for example). Yet, the browser, identifying a self-signed certificate, display an error message indicating the data is not secured.
It is then better to choose a 3-factor certificate (or higher) to prevent your users to be disturbed.
We advise the use of a 3-factor certificate, ideal for that kind of need:
http://www.tbs-certificats.com/comparatif_certificat_serveur_ssl_40_bit.html
EDIT 20150807
Facebook announces that as of October 1st, 2015, all websites called from Facebook will have to be secured with SHA256-signed SSL certificates. The company then complies with the CA/B Forum recommandations, forbidding the use of SHA1 certificates after 2017.