As all fb apps will require ssl from 1st October, so I guess many have switched to https already. Can someone please write a small tutorial for newbies in ssl like me regarding how to setup ssl and use the https url as the secure canvas url.
Dude, just install an SSL security certificate for your domain (or wherever you're hosting your application content) and update the HTTPS link in the application's settings. You'll be good to go. mixed-secure content warnings are a whole other story, though. When you have outbound links that don't lead to HTTPS-enabled sites, the user will be prompted a mixed-secure content warning before the tab loads. Really annoying problem!
Actually, I don't mean to be contrary, but it should just be included content--not outbound links--that cause the warning. The most common offenders are JavaScripts that are included from external websites, such as jQuery. Your links to outside sites shouldn't be an issue, just anything with a src="http://...