Firebase hosting ssl certificate is showing different domain

Question

I've connected a custom domain to firebase hosting, you can see placeholder website here: https://asimetriq.com

At first glance everything seems to be fine, but when I view ssl certificate details I see unrelated domain details. Is this normal and if so why is it happening? If not is this a bug on firebase side?

Answer 1

This is normal, you should go to the "Details" part to see the whole certificate content.

You will see that the certificate has a "Subject Alternative Name" extension, in which you will find many DNS names, including one for your own website. The certificate applies in the same way to all websites in this list. This is done to reduce the number of certificates to handle, specifically for servers hosting multiple websites with different names on the same IPs (if you check you will see that all names below resolves to the same set of IPs)

Your browser accepts it because it sees the content in the extension and it sees your website in it. If not, your browser would have say that the connection is insecure because there is a name mismatch between the website name in the URL and what is inside the certificate.

Certificate content:

Data:
    Version: 3 (0x2)
    Serial Number:
        03:f7:1d:8f:a5:a2:78:84:8e:5b:eb:f3:45:a9:90:2a:ce:5a
Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    Validity
        Not Before: Apr 21 17:14:16 2018 GMT
        Not After : Jul 20 17:14:16 2018 GMT
    Subject: CN=www.blowwhalestudios.uk

...

    X509v3 extensions:

...

        X509v3 Subject Alternative Name:
            DNS:1profiremiralomanorco.xyz, DNS:1profiresanbernardino.xyz, DNS:22q11northernireland.co.uk, DNS:71holiday.com, DNS:99idiomas.com.br, DNS:admin.wikifinance.com.au, DNS:agenda.zipper.com.co, DNS:akshayverma.net, DNS:alexpjames.com, DNS:alfreds.com.br, DNS:app.feedmeapp.ca, DNS:app.getpremises.com, DNS:app.givebadges.com, DNS:app.verhuisplan.be, DNS:asimetriq.com, DNS:auth.skillapp.co, DNS:auxglacesdelanse.ca, DNS:bio.apartments, DNS:calendarbuttonz.com, DNS:cammedar.com, DNS:carlan.didrik.tech, DNS:casheep.xyz, DNS:cats.grankullen.se, DNS:chcsecurity.com, DNS:coinsrage.com, DNS:coopearsa.com, DNS:ddnode.com, DNS:deliriumdesigns.com, DNS:dev.heyleap.com, DNS:dev.mundoemprendedor.org, DNS:ecoema.com.co, DNS:gamenightbuddy.com, DNS:gamestatext.com, DNS:gardenpartyfloristmukwonago.com, DNS:go-beeline.com, DNS:gruposafira.com.br, DNS:handcricketgame.com, DNS:heyleap.com, DNS:hoppy.co.uk, DNS:hyperpost.co, DNS:itsupport.conceptplusllc.net, DNS:manager.artus.io, DNS:markato.studio, DNS:mattmc.co.uk, DNS:mips.haoxp.xyz, DNS:my.valuehome.ca, DNS:openmatics.going2.com.br, DNS:opportunityspace.co, DNS:ozcaynalavalle.com.ar, DNS:parkero.se, DNS:paybacks.rocks, DNS:physio-vd.ch, DNS:pokus.severa.name, DNS:portal.gruposafira.com.br, DNS:q.crawlink.com, DNS:rockpepaine.ro, DNS:safetolk.se, DNS:satin.silkypresets.com, DNS:scorecard.curtisrutland.com, DNS:seaportpuntadeleste.com.uy, DNS:secure.pam3.ru, DNS:sendsms.cc, DNS:shiftfirst.ai, DNS:smuldersbram.bramsmulders.com, DNS:superadmin.qulinaryapp.com, DNS:test.keystone-energy.co.uk, DNS:vot.thundersha.work, DNS:www.1profirecorona.xyz, DNS:www.1profiremiralomanorco.xyz, DNS:www.1profiresanbernardino.xyz, DNS:www.256co.com, DNS:www.auxglacesdelanse.ca, DNS:www.bangkokwomensrun.com, DNS:www.blowwhalestudios.uk, DNS:www.calendarbuttonz.com, DNS:www.coopearsa.com, DNS:www.digitalnauts.com, DNS:www.donadafesta.com.br, DNS:www.dot3digital.com, DNS:www.greenpilates.net, DNS:www.happinessisajourney.com, DNS:www.haxor.com, DNS:www.hoppy.co.uk, DNS:www.insulcoat.co.za, DNS:www.juntstrenquembarreres.cat, DNS:www.kakobotasso.com.br, DNS:www.kangsenan.com, DNS:www.letspla.net, DNS:www.mi11er.net, DNS:www.mileageondemand.com, DNS:www.n-studios.tk, DNS:www.narrated.co, DNS:www.physio-vd.ch, DNS:www.sears.ca, DNS:www.shiftfirst.ai, DNS:www.suisse-connect.ch, DNS:www.thinkingandwriting.org, DNS:www.venturehacks.xyz, DNS:www.vivionline.com.br, DNS:www.wizy.vn