I have purchased an SSL certificate and installed it to my Heroku app.

However when I try to access my site via https, Chrome reports that:

The identity of this website has not been verified. • Server's certificate does not match the URL.

Other browsers report a similar message.

Inspecting the certificate information in Chrome shows that my site is still using Heroku's certificate, issued by Digicert (instead of my own CA).

Any ideas as to what I could be missing?

The problem had to do with an incorrectly set DNS record.

As per the documentation (...), once the certificates are uploaded to Heroku, do:

heroku certs

This provides you the correct end point for the SSL enabled domain. This is a domain that looks like "tokyo-2121.herokussl.com".

Next, go to your DNS service provider and update/add the CNAMe record for the SSL enabled domain to point to "tokyo-2121.herokussl.com".