SSL Certificate Referring to First Custom Domain?

Hello,

I’ve noticed that, when a site has multiple custom domains and uses the Let’s Encrypt certificate, no matter which site I navigate to, it shows the certificate’s Common Name as the first alphabetical custom domain site.

For example - our staging site is at staging-play-cinesend.netlify.app. We have custom domains at staging-play.cinesend.com and develop-play.cinesend.com.

Navigating to “staging-play.cinesend.com” and opening the certificate from the browser bar shows that the Common Name is develop-play.cinesend.com.

Is there any way to modify this?

Hi, @darcy.

The first name listed is typically but not always the first name that was added. All the other domain names for the site will also be included in the SSL certificate, but only one name can be the primary name for an SSL certificate.

Here is the information for this site’s certificate:

$ echo | openssl s_client -showcerts -servername staging-play.cinesend.com -connect staging-play.cinesend.com:443 | openssl x509 -text | egrep '(Subject:|DNS:)'
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = develop-play.cinesend.com
verify return:1
DONE
        Subject: CN=develop-play.cinesend.com
                DNS:develop-play.cinesend.com, DNS:staging-agile-play.cinesend.com, DNS:staging-play.cinesend.com, DNS:staging-play.eleventsolutions.net, DNS:staging-play.eventive.org, DNS:staging-play.ferve.tickets, DNS:watch-uat.aircanadavideo.com

There isn’t a way to change this order at Netlify. You might be able to get a different order if you manually provision your own SSL certificates or purchase SSL certificates from a third-party.

We can enter a feature request to control the order but no such feature request exists at this time.

Please let us know if we should file a feature request for this. Also, if so, would you please explain more about the reason for wanting to make this change? We ask because we want to be sure the feature request meets the requirements you have. The more we understand about why the change is needed, the more it will help us to build a feature that works as you want it to.

If there are other questions for us, please include them at any time.
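An added example, not part of the original replies or Netlify's code: modern TLS clients validate the requested hostname against the certificate's DNS subjectAltName entries rather than the Subject CN, so the CN shown in a certificate viewer does not decide whether the site validates. `PEER_CERT` is constructed here in the shape Python's `ssl.SSLSocket.getpeercert()` returns, using the names from the openssl output above; the function names are hypothetical.

```python
# Constructed sample: same names as the openssl output in this thread,
# laid out like the dict returned by ssl.SSLSocket.getpeercert().
PEER_CERT = {
    "subject": ((("commonName", "develop-play.cinesend.com"),),),
    "subjectAltName": (
        ("DNS", "develop-play.cinesend.com"),
        ("DNS", "staging-agile-play.cinesend.com"),
        ("DNS", "staging-play.cinesend.com"),
        ("DNS", "staging-play.eleventsolutions.net"),
        ("DNS", "staging-play.eventive.org"),
        ("DNS", "staging-play.ferve.tickets"),
        ("DNS", "watch-uat.aircanadavideo.com"),
    ),
}


def common_name(cert):
    """Return the Subject CN, the single name a certificate viewer displays."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: case-insensitive, wildcard only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one non-empty label and needs two labels after it.
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def hostname_covered(cert, hostname):
    """True if any DNS SAN entry matches; the CN is deliberately not consulted."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(dns_name_matches(s, hostname) for s in sans)


def report(cert, hostname):
    """Summarise what a viewer displays versus what hostname validation decides."""
    cn = common_name(cert)
    return {"displayed_cn": cn,
            "cn_is_hostname": cn == hostname,
            "valid_for_hostname": hostname_covered(cert, hostname)}
```
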

Hi Luke,

I would love for this to be a feature request.

Essentially, since multiple clients are pointing their CNAME to one Netlify app, a few have reached out and mentioned that it is a bit confusing that the Common Name being shown isn’t their own domain.

The feature request, if possible, would be for each site to show its own Common Name. If that’s impossible, being able to set a singular Common Name would still be beneficial.

Thanks!

Thanks, darcy - you make an interesting point! We’ve made a note of your feature request and will connect with you here if we have additional questions or updates to share!