I’ve had this problem and in my case it is because my certificate is self-signed and rejected as being ‘unsafe’ by curl.
My quick and dirty fix was to turn off the certificate checking by adding the following option to CURL_OPTS$ in facebook.php:
CURLOPT_SSL_VERIFYPEER => false
Ideally, I would prefer to be able to specify a folder into which the client certificate could be placed (as per accepting the SSL exception in a modern browser) so that the verification doesn’t need to be turned off.
