I'm trying to setup a Geotrust SSL certificate for my Heroku app using the SSL Endpoint addon and the instructions at https://devcenter.heroku.com/articles/ssl-endpoint.
I generated my public key from my private key using:
openssl rsa -in server.orig.key -out server.key
and added to the heroku certs:
heroku certs:add server.crt server.key
Everything seemed to be fine. heroku certs listed the corrected information only with Trusted = false
for my certificate.
If I go to https://tokyo-2121.herokussl.com
the browser says:
You attempted to reach tokyo-2121.herokussl.com,
but instead you actually reached a server identifying itself as www.mydomain.com.
As expected with the certificate apparently identifying the correct domain, but When I set up the CNAME to the given tokyo-2121.herokussl.com
and visit my subdomain the browser says:
www.mydomain.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.herokuapp.com , herokuapp.com
If I run curl -kv https://www.mydomain.com
I get: subjectAltName does not match www.mydomain.com
Best Answer
I tried the process again, it seems my mistake was in this step:
I already had the private key in server.orig.key and didn't need to generate it. I just needed to attache my Geotrust .crt and .key files to the heroku ssl endpoint.