All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Can I use SSL certs from different CAs on same domain (and subdomains) combinations
A preliminary google scan wasn't helpful.
So, thought I'd throw in a quick query here to the community.
I have the following :
1) Issued Wildcard SSL certificate from CA1
2) FREE PositiveSSL certifcate offer from CA2(to be redeemed)
I have already issued the Wildcard one for 'example.com'.
Idea is to use the wildcard one to power SSL-enabled cdn.example.com running on variety of low-end servers around the globe.
But since some of these are from untrustworthy countries/technologies (eg. openvz), I want to mitigate the risk of SSL Private key extraction via any CDN node.
Can I still issue the PositiveSSL from CA2 for example.com to power the dynamic parts of the site (not relying on CDN for assets). This would run on the more trustworthy KVM/Xen operators.
Is there Internet regulation preventing any of this from being allowed?
Is my risk model for Static assets mentally sound?
Comments
no problem
on my test bed I've using :
Yes you can.
Um, not really, if your wildcard certificate is leaked then attacker can spoof your website. Of course attacker wouldn't be able to decrypt communication between clients and example.com, but MITM attack still is probably concerning since you're worried about security.
So you should probably get a separate domain name for the static content (that also protects against cookie stealing, session fixation, and many other attacks).
Yes, this is one of the options I'm researching. Reading up on CORS before commenting further.
Thanks.
How about issuing the wildcard with passphrase? Any Ansible/automation like solutions for passphrase entry.