If a certificate is imported into the Gateway via the 'Manage Certificates' dialog you may notice the Subject name differs than what is shown from an openssl request.
For example:
Importing a certificate on the Gateway using the url : https://fcm.googleapis.com
will show a Subject DN of 'edgecert.googleapis.com'
However, running the below openssl command will show a Subject of '*.googleapis.com'
openssl s_client -connect fcm.googleapis.com:443 -showcerts
Release : 9.x
Component : API Gateway
's_client' by default does not send SNI (Server Name Indication) data but the Gateway and browsers do.
If you run the following you should see the same result as what the Gateway provided.
openssl s_client -servername fcm.googleapis.com -connect fcm.googleapis.com:443 -showcerts
The servername parameter can be used to set the TLS SNI (Server Name Indication) extension in the ClientHello message.