If you already have a custom domain setup on Heroku and you want to add SSL, you need to change your CNAME to point to the SSL version.
CNAME [your subdomain] => [endpoint-name].herokuapp.com
Should probably be changed to:
CNAME [your subdomain] => [other-endpoint-name].herokussl.com
Some clues to this are that you are seeing the
*.herokuapp.com cert being served when you try to access your subdomain via SSL.
Also, I had to remove the subdomain before Heroku would add the SSL cert since I was trying to use the subcustom domain for SSL. If you are putting the SSL on a different subdomain then this is unlikely to affect you. I did initial work without SSL then wanted to add SSL before release.