Thanks for filing the issue!

@Reporter: Could you please share a sample test URL/file which helps us to triage the issue in a better way as we are not clear about app1, app2. Any further inputs from your end may help us.

check URL https://cform.mwg.nj.gov/ on regular chrome vs canary.

regular chrome gets correct cert.  canary gets cert. for another application.  all certs stored in front-end proxy.

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Can anyone from Chromium please respond to this?  Is this a bug?  Is this a new protocol that Canary will follow?

What is going on?  Why is the browser getting the wrong certificate?

When opening the DevTools Console for the link mentioned in #3, I see the warning:

"The SSL certificate used to load resources from https://cform.mwg.nj.gov will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information."

Please see the link (https://g.co/chrome/symantecpkicerts) for more details on the timeline and deprecation of affected certificates.  Currently stable Chrome is on version M65, with deprecation changes coming in M66 - M70.