I have developed a Facebook app (iframe) for site1.com. site1.com has a valid wildcard SSL certificate (*.site1.com), I have confirmed it here: http://www.digicert.com/help/
On Windows using Firefox (v13) and Chrome (v20.0.1) I can add the app to my Facebook user, authorize it, and it works.
When I try to authorize the app from a Mac using Firefox (v11), I get "This connection is untrusted. site1.com uses an invalid security certificate. The certificate is only valid for the following names: site2.com"
When I try to authorize the app from a Linux Fedora box using Firefox (v12) and Chrome (v20.0.1), I get "This connection is untrusted. site1.com uses an invalid security certificate. The certificate is only valid for the following names: site3.com"
I do own site1.com, site2.com and site3.com. This app is hosted on site1.com, and the Facebook app is configured only to point to site1.com. site2.com is hosted on the same server as site1.com. site3.com is hosted on a completely different server.
Any help is appreciated.