Recently Google has been contacting folks about custom domains at WordPress.com not matching a SSL certificate Subject Name.
If you access a site on WordPress.com with a custom domain using the https:// version of the address, you will get an SSL warning. This is expected, because WordPress.com doesn’t support SSL for mapped domains.
There has been no change on WordPress.com's side of things. Google sent out these messages for informational purposes, but everything is working fine and you don't need a separate certificate.
SSL certificates are only necessary if you are transmitting/receiving secure data, like login information, credit card purchases, etc. For example, when you log into WordPress.com you'll be using SSL (you'll see you've been redirected to the https:// version of your site address when in your Dashboard), but SSL is not necessary when someone visits your public site.
If you wish to avoid the error message when you visit sites hosted on WordPress.com, you can replace https:// in your address bar with http://. If you have any visitors who are concerned with the error when they arrive at your site, they can use the same solution.
We highly suggest setting exceptions for WordPress.com in your browser so you are not bothered by this unnecessary warning in the future.
For more information on HTTPS and setting exceptions, please see: http://en.support.wordpress.com/https/
You can remove your site from Google's list of secure sites: