Web certificate

We just got a security question from a customer about our “certificate on the app and the login”. I see through the browser that the web certificate is issued to kommune.flyyt.no, which I know is an Appfarm solution, but it looks quite weird here.

I am no expert on web certificates, so sorry if my questions are stupid:

  • Is it possible for you to change the certificate owner to something that looks like appfarm (as flyyt is not on our list of sub-processors, it looks questionable that they show up here)
  • If not, should we in theory add flyyt to our (and your) list of sub-processors?
  • Is it possible to set up our own web certificate (or make it look like it is in our name)?
  • Is the certificate any different when logging into .appfarm.app, compared to our custom domain? (I thought the certificate was linked to the domain, but apparently not?)
  • Is the certificate different from the login page?
  • For customers asking for our web certificate, is there any other info we probably should show them apart from what is seen in the browser?
  • Any additional info we should know about this certificate?

We use certificates with multiple domains, so one domain has to be ‘on top,’ and by chance, ‘flyyt’ happens to be the first on the list. If you dig deeper into that certificate, you’ll see the list of all the domains it covers. However, we’re exploring the possibility of having an ‘appfarm’ domain as the CN (Common Name) on that certificate