When you access your Heroku application via its configured custom domain you receive a browser error about a Certificate Mismatch
This error can occur for a number of reasons.
Incorrect DNS configuration
Provisioning SSL involves updating your DNS configuration to point at the new herokussl.com address (US region only). Incorrect configuration will cause a 'Certificate Mismatch Error' as your browser will still be receiving the wildcard herokuapp.com cert we provide by default.
DNS Provider is Performing the Redirect
While a redirect (typically at the root domain, eg mydomain.com) will work for http requests if you attempt to access https://mydomain.com then your DNS provider will not have a valid certificate for your domain and a 'Certificate Mismatch Error' or a 'Connection Failed' error would be displayed by your browser. If you wish to use root domains and SSL then you need to use a DNS provider that supports using CNAMEs at the root level and perform the redirect at the application level.