I am wondering if this is an issue on our end or Heroku's end. I installed the SSL add-on ($20/month) and got an SSL cert through my university's IT department (changed the name of some details but you get the idea). I followed the steps listed here: https://devcenter.heroku.com/articles/ssl-endpoint
I am getting an error in Chrome that says "Your connection is not private" NET::ERR_CERT_COMMON_NAME_INVALID. Then it also says "This server could not prove that it is mydomain.edu; its security certificate is from *.herokuapp.com. This may be caused by a misconfiguration or an attacker intercepting your connection."
I've checked my CSR and it has mydomain.edu as the CN. I've checked the email that came from my school's IT and the email says mydomain.edu.
When I check the heroku certs command I get the following:
    $ heroku certs
    Endpoint                  Common Name(s)             Expires              Trusted
    ------------------------- -------------------------- -------------------- -------
    tokyo-13550.herokussl.com mydomain.edu               2019-04-14 23:59 UTC True
The only issue I can see wrong is the CNAME record. I believe the endpoint changed when I added SSL:
    $ heroku certs:add cert.cer private.key --app myapp
    Resolving trust chain... done
    Adding SSL Endpoint to myapp... done
    myapp now served by tokyo-13550.herokussl.com
    Certificate details:
    Common Name(s): mydomain.edu
    Expires At: 2019-04-14 23:59 UTC
    Issuer: /C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
    Starts At: 2016-04-14 00:00 UTC
    Subject: /C=US/postalCode=myzip/ST=mystate/L=mycity/street=myaddress/O=myorginization/OU=Certificate Management/CN=mydomain.edu
    SSL certificate is verified by a root authority.
I initially was running the app without SSL and we set up a CNAME record with this endpoint:
    us-east-1-a.route.herokuapp.com
I believe that if we update the CNAME record from the US one to the Tokyo one then the SSL issue will be solved. My IT department believes I installed the cert wrong or it is using the old cert, since it says *.herokuapp.com instead of referencing mydomain.edu.
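
A check that separates the two explanations raised in the question above (DNS still pointing at the old endpoint versus a wrong certificate on the SSL endpoint), added here as an example and not part of the original post. The function names and result labels are hypothetical, and the sample certificate dict is constructed from the browser error quoted in the question.

```python
import socket
import ssl

def served_names(cert):
    """DNS names from a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SANs are present, clients ignore the CN
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """A whole-label wildcard covers exactly one leftmost label, nothing more."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def diagnose(host, cname_target, ssl_endpoint, cert):
    """Classify why the certificate served for host does or does not match it."""
    if any(name_matches(n, host) for n in served_names(cert)):
        return "ok"
    if cname_target.lower().rstrip(".") != ssl_endpoint.lower().rstrip("."):
        return "dns-points-elsewhere"    # traffic never reaches the SSL endpoint
    return "wrong-cert-on-endpoint"      # DNS is right, the uploaded cert is not

def fetch_served_cert(host, port=443):
    """Live helper (needs network, not called here): the cert presented for host."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # inspect a mismatching cert instead of aborting
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: what the browser reported seeing for mydomain.edu.
SERVED = {"subject": ((("commonName", "*.herokuapp.com"),),),
          "subjectAltName": (("DNS", "*.herokuapp.com"),)}
# Constructed sample: the uploaded cert as listed by `heroku certs`.
UPLOADED = {"subject": ((("commonName", "mydomain.edu"),),)}

if __name__ == "__main__":
    print(diagnose("mydomain.edu", "us-east-1-a.route.herokuapp.com",
                   "tokyo-13550.herokussl.com", SERVED))
```

For a live check, pass the result of `fetch_served_cert("mydomain.edu")` and the CNAME target your resolver currently returns in place of the constructed values.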