I am having the same issue as this ticket, but it has not resolved over the past 5 days, so unlike this user I am not sure if it's a DNS issue or not. I am posting my version of the question since the answer to the other was "it resolved itself" (which is not happening in my case).
Heroku: SSL Endpoint - subjectAltName does not match www.mydomain.com
I get this:
> heroku certs
Endpoint                  Common Name(s)                      Expires               Trusted
------------------------  ----------------------------------  --------------------  -------
<xxx>.herokussl.com       www.mysite.com, mysite.com                                True
So it seems like the cert is looking at the right site.
Like the other user I ran this and it's telling me the site is wrong.
> curl -kvI https://www.mysite.com
* About to connect() to www.mysite.com port xxx (#0)
* Trying ...
* connected
* Connected to www.mysite.com (...) port xxx (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Heroku, Inc.; CN=*.herokuapp.com
* start date: 2011-04-11 00:00:00 GMT
* expire date: 2014-04-15 12:00:00 GMT
* subjectAltName does not match www.mysite.com
Also, I wanted to add that if I go to https://.herokussl.com (from the endpoint), I get an error of "Heroku | No such app".
What I don't understand is how Heroku's SSL setup works exactly, and there seem to be a lot of new moving pieces.
It looks to me that it's not picking up my certificate when it does the handshake and is picking up Heroku's and not my cert. Is this a correct read of the output?
What does the herokussl.com site do?
Thanks, Renderbox
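
The name check behind the "subjectAltName does not match" line, as an added example that is not part of the original post: it reads the certificate subject from the curl transcript above and compares it, using RFC 6125 style wildcard rules, with the requested host and with the common names listed by `heroku certs`. The function names are hypothetical, and only the subject CN is checked because that is the only certificate name the transcript shows.

```python
import re

# Constructed sample: the certificate lines from the curl -kvI transcript in the post.
CURL_OUTPUT = """\
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Heroku, Inc.; CN=*.herokuapp.com
* start date: 2011-04-11 00:00:00 GMT
* expire date: 2014-04-15 12:00:00 GMT
* subjectAltName does not match www.mysite.com
"""

def name_matches(pattern, host):
    """Match a certificate DNS name against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire leftmost label and covers
    exactly one label, so *.example.com matches a.example.com but not
    example.com or a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def subject_cn(curl_verbose):
    """Pull the CN out of the '* subject:' line of curl -v output."""
    m = re.search(r"^\*\s*subject:.*?\bCN=([^;,\s]+)", curl_verbose, re.M)
    return m.group(1) if m else None

def diagnose(curl_verbose, host, expected_names):
    """Report which certificate was served relative to the one uploaded."""
    cn = subject_cn(curl_verbose)
    if cn is None:
        return "no certificate subject found"
    if name_matches(cn, host):
        return f"served certificate {cn} covers {host}"
    if any(name_matches(n, host) for n in expected_names):
        return f"served certificate {cn} does not cover {host}; the uploaded certificate would"
    return f"neither the served certificate {cn} nor the uploaded names cover {host}"

if __name__ == "__main__":
    # Common names as listed by `heroku certs` in the post.
    print(diagnose(CURL_OUTPUT, "www.mysite.com", ["www.mysite.com", "mysite.com"]))
```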