Heroku SSL "certificate is only valid for the following names: *.herokuapp.com, herokuapp.com"

Question

I'm trying to setup a Geotrust SSL certificate for my Heroku app using the SSL Endpoint addon and the instructions at https://devcenter.heroku.com/articles/ssl-endpoint.

I generated my public key from my private key using:

openssl rsa -in server.orig.key -out server.key

and added to the heroku certs:

heroku certs:add server.crt server.key

Everything seemed to be fine. heroku certs listed the corrected information only with Trusted = false for my certificate.

If I go to https://tokyo-2121.herokussl.com the browser says:

You attempted to reach tokyo-2121.herokussl.com,
but instead you actually reached a server identifying itself as www.mydomain.com.

As expected with the certificate apparently identifying the correct domain, but When I set up the CNAME to the given tokyo-2121.herokussl.com and visit my subdomain the browser says:

www.mydomain.com uses an invalid security certificate.

The certificate is only valid for the following names:
*.herokuapp.com , herokuapp.com

If I run curl -kv https://www.mydomain.com

I get: subjectAltName does not match www.mydomain.com

Answer 1

I tried the process again, it seems my mistake was in this step:

openssl rsa -in server.orig.key -out server.key

I already had the private key in server.orig.key and didn't need to generate it. I just needed to attache my Geotrust .crt and .key files to the heroku ssl endpoint.