Cloudflare/SSL certificate question


Apologies in advance for what is probably a very stupid question, but wanted to confirm something: happened to notice the CN on the SSL certificate for was made out to rather than Bitwarden and had a momentary freakout where I thought I was the subject of a MITM attack. (Q1) Is this just an artifact of Bitwarden utilizing Cloudflare CDN services? (Q2) If legitimate, for the cloud version, doesn't having a CDN serve content and sit between the Bitwarden servers and the end user mean they handle/see all the data trafficked from point a to point b? Isn’t this a vulnerability?

Given that Bitwarden is open source and has been 3rd party audited, I know I’m missing something obvious here, just not sure what.

It’s legitimate :slight_smile:

The data is encrypted with our certs back to our servers - and of course the whole time it is encrypted by your individual keys, too.

Welp, that’s a relief. Thank you Trey! …Now I can finally migrate from my super secure method of using post-its for everything.