I've been googling for the past hour on this but can't quite get it nailed down. Perhaps you guys can assist here!

Here's what I'm trying to do:

Old site is:

old.tld

New site is:

new.tld

A bunch of folks access one particular legacy url on the old site via SSL, i.e.:

https://www.old.tld/old_url

I've just setup a brand new site on Heroku, running Rails 3, on the new domain.

I also have installed Heroku's SSL Endpoint Add-on and am using a new secure subdomain:

secure.new.tld

I've got a bunch of redirects & constraints in my Rails routes.rb to redirect old -> new and pass the appropriate requests. Everything works perfectly for the non-SSL stuff.

The only thing I can't seem to get working properly is the redirects of

https://www.old.tld/old_url -> https://secure.new.tld/new_url

Safari doesn't seem to mind, but Chrome is throwing a "This is probably not the site you are looking for!" error. It says (only when trying via SSL):

"You attempted to reach www.old.tld, but instead you actually reached a server identifying itself as secure.new.tld" Etc.

(which is exactly what I want, but Chrome doesn't seem to approve ;)

Any thoughts on how to properly configure?

The seamless solution it is to get a SAN (Subject Alternative Name) certificate that has both the old name and the new name.

Another way is to insert a non-secure request in between the two secure requests: redirect from https://www.old.tld -> http://secure.new.tld -> https://secure.new.tld. I haven't actually tested this, but it should work in theory. If it doesn't "just work", then you might try adding an actual page at http://secure.new.tld with a message and a link to https://secure.new.tld.