What you're asking isn't very clear.
If you mean "can I redirect the client from http://app.theirdomain.com to https://www.mydomain.com using HTTP redirect or HTML redirect, then the answer is yes. The caveats, of course, is that the user will see your URL in their browser pretty much immediately when they go to the app web site, making it pretty pointless to have created the subdomain in the first place.
But your issue is actually a failure to properly define your requirements.
Either you didn't define the requirements for your product properly or your customer didn't produce the proper requirement for their project themselves. In both case, you're trying to fix this failure with band-aids and that will NOT result in anything satisfactory.
The simplest way to salvage that situation is for your customer to deliver a server to your specifications and use a valid certificate. If they really cannot provide your with a sytem with Apache and PHP (either internally or by renting a vm), then they could explore the possibility of simply adding PHP to their IIS web site (it's trivially easy), get a proper certificate and install it themselves.
Another possibility is for then to request a certificate for their sub-domain and for you to configure your server to serve it. Since they already have defined a sub-domain, all you need to do is add an IP address to your server, your customer to link that IP address to their sub-domain in their DNS and for you to configure Apache to serve it over SSL using the certificate for their sub-domain.