Let's Encrypt and EV certificates for different hosts in the same domainIs it technically possible to...

Does dispel magic end a master's control over their undead?

Why do neural networks need so many training examples to perform?

What is the difference between "...", '...', $'...', and $"..." quotes?

Why did Luke use his left hand to shoot?

Why are the books in the Game of Thrones citadel library shelved spine inwards?

Cat is tipping over bed-side lamps during the night

Play Zip, Zap, Zop

How to not let the Identify spell spoil everything?

Crontab: Ubuntu running script (noob)

What would you call a real market that is close to perfect competition?

How much mayhem could I cause as a sentient fish?

How to use Mathemaica to do a complex integrate with poles in real axis?

How to visualize the Riemann-Roch theorem from complex analysis or geometric topology considerations?

Why zero tolerance on nudity in space?

Airplane generations - how does it work?

Should I reinstall Linux when changing the laptop's CPU?

Identify KNO3 and KH2PO4 at home

Building an exterior wall within an exterior wall for insulation

Is there any risk in sharing info about technologies and products we use with a supplier?

Clues on how to solve these types of problems within 2-3 minutes for competitive exams

What happens when a creature with flying blocks my non-flying attacker?

Why would space fleets be aligned?

Is a new boolean field better than null reference when a value can be meaningfully absent?

Hilchos Shabbos English Sefer



Let's Encrypt and EV certificates for different hosts in the same domain


Is it technically possible to configure two different SSL certificates for the same domain?Let's Encrypt for intranet websites?How to get a certificate from Let's Encrypt for the server which doesn't allows file creation“SSL: CERTIFICATE_VERIFY_FAILED” with my own certificatesWhy are Let's Encrypt certificates accepted by default by browsers?Why can't Let's Encrypt support wildcard certificates?SSL cert securing an on-premises web service where the domain is hosted externallyHow to detect if X.509 certificate belongs to CA or regular end user (host)Port bound TLS certificates? (1 Self-signed & 1 CA)what is the maximum life-time for Let's Encrypt certificates













3















I have an e-commerce site host name (example.com) and want to install an Extended Validation TLS certificate for it.



But I use a cookieless static content served from another host name (static.example.com) for images of the website.



To be "Google Shopping friendly" and for secure e-commerce reasons, can I use Let's Encrypt or other domain-validated TLS certificates for static.example.com and EV certificates for example.com?



I have gone through this kind of question online but those were was similar to my situation.










share|improve this question









New contributor




overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I don't think the browser cares to displays a green bar for assets (images, css, javascript) so yes, you probably can.

    – Salman A
    24 mins ago
















3















I have an e-commerce site host name (example.com) and want to install an Extended Validation TLS certificate for it.



But I use a cookieless static content served from another host name (static.example.com) for images of the website.



To be "Google Shopping friendly" and for secure e-commerce reasons, can I use Let's Encrypt or other domain-validated TLS certificates for static.example.com and EV certificates for example.com?



I have gone through this kind of question online but those were was similar to my situation.










share|improve this question









New contributor




overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I don't think the browser cares to displays a green bar for assets (images, css, javascript) so yes, you probably can.

    – Salman A
    24 mins ago














3












3








3








I have an e-commerce site host name (example.com) and want to install an Extended Validation TLS certificate for it.



But I use a cookieless static content served from another host name (static.example.com) for images of the website.



To be "Google Shopping friendly" and for secure e-commerce reasons, can I use Let's Encrypt or other domain-validated TLS certificates for static.example.com and EV certificates for example.com?



I have gone through this kind of question online but those were was similar to my situation.










share|improve this question









New contributor




overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I have an e-commerce site host name (example.com) and want to install an Extended Validation TLS certificate for it.



But I use a cookieless static content served from another host name (static.example.com) for images of the website.



To be "Google Shopping friendly" and for secure e-commerce reasons, can I use Let's Encrypt or other domain-validated TLS certificates for static.example.com and EV certificates for example.com?



I have gone through this kind of question online but those were was similar to my situation.







tls letsencrypt






share|improve this question









New contributor




overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 43 mins ago









a CVn

6,47812245




6,47812245






New contributor




overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 10 hours ago









overeroverer

161




161




New contributor




overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






overer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • I don't think the browser cares to displays a green bar for assets (images, css, javascript) so yes, you probably can.

    – Salman A
    24 mins ago



















  • I don't think the browser cares to displays a green bar for assets (images, css, javascript) so yes, you probably can.

    – Salman A
    24 mins ago

















I don't think the browser cares to displays a green bar for assets (images, css, javascript) so yes, you probably can.

– Salman A
24 mins ago





I don't think the browser cares to displays a green bar for assets (images, css, javascript) so yes, you probably can.

– Salman A
24 mins ago










3 Answers
3






active

oldest

votes


















7














It is possible to have multiple certificates from different vendors for different parts of the domain and even have overlapping certificates., i.e. multiple certificates which could be used to authenticate the same domain.



Browsers actually only care that a specific certificate is valid for the specific domain it is used on and don't care if the same certificate could also be used for other domains. They also only care that all content is served over HTTPS (i.e. no mixed content) but don't care if some content is served with a EV certificate while other content is served with DV certificate only.



Apart from that, I recommend to read Extended Validation Certificates are Dead to get a better opinion if EV certificates are worth their money at all.






share|improve this answer



















  • 1





    Very good link to Troy Hunt's article, worth the read.

    – WoJ
    5 hours ago






  • 1





    Overlapping certificates can actually be a problem for this particular case. If OP passess the key for static.example.com to a CDN but maintain example.com in their own control, then the CDN operator and an attacker who breached CDN operator's security will be able to snoop/impersonate example.com. Note that to actually prevent breaches of trust like this completely, you'll also need to use subresource integrity to prevent your CDN from modifying and injecting scripts into your pages.

    – Lie Ryan
    4 hours ago













  • Troy Hunt's extended blog post on EV certificates. A bit less of examples would have been more than enough. Still, it's so entertaining that it's hard to stop reading it.

    – Esa Jokinen
    1 hour ago



















3














Yes you can, with some caveats.



Normally, letsencrypt certificate are valid for a single FQDN. So you can create an domain-identified only (DV) certificate for static.example.com and an EV-identified certificate for your root domain.



Note be careful that another consideration applies when using wildcard certificate and some multi domain certificate. Some CAs (including LetsEncrypt) may issue a wildcard that will also be valid for the root domain because the CA may automatically add the root to the SAN (subject alternative name) even if you don't explicitly list your root domain when requesting the certificate (the CA can do this since wildcard certificate verification method requires that you demonstrate control/ownership of the domain's DNS). Check the SAN field of the certificate to be sure that your certificate are covering exactly what you expected and no more.



A couple security notes though, be careful of server settings that may apply to all subdomains, like certain Cookies and HSTS config.






share|improve this answer





















  • 2





    Multidomain and wildcard are quite different things; LE does the first semiautomatically but not the second. Even if an LE cert does mistakenly include the bare domain, it's perfectly valid to not use that cert for that domain, as long as you can configure your webserver(s?) to do so.

    – dave_thompson_085
    8 hours ago











  • @dave_thompson_085: I've updated the answer to be more precise with the wordings.

    – Lie Ryan
    1 hour ago



















1














There are three options for this situation:




  1. Go with wildcard ssl certificate to secure your root and its sub domains because it remains easy for you because through option you will have to manage only one certificate for both root and its sub domain that helps to save your time & money.

  2. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then go for Symantec EV SSL which now gives facility to secure multi domain with it. (Usually remains high in the price).

  3. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then other affordable option is EV Multi Domain SSL because it helps you to get ev ssl for your all multiple domains (which you will include in SAN category). Means your both both root as well as sub domain will be secured with EV SSL.






share|improve this answer


























  • Your answer is a little short: you mention a few options as bullet points, but not what pros and cons are for each option. The answer also contains some typos. It's a good start for a useful answer, but to get more upvotes, you might want to expand the answer.

    – Luc
    2 hours ago











  • Thank you for keeping my attention to that.

    – Dana
    1 hour ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






overer is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204359%2flets-encrypt-and-ev-certificates-for-different-hosts-in-the-same-domain%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes









7














It is possible to have multiple certificates from different vendors for different parts of the domain and even have overlapping certificates., i.e. multiple certificates which could be used to authenticate the same domain.



Browsers actually only care that a specific certificate is valid for the specific domain it is used on and don't care if the same certificate could also be used for other domains. They also only care that all content is served over HTTPS (i.e. no mixed content) but don't care if some content is served with a EV certificate while other content is served with DV certificate only.



Apart from that, I recommend to read Extended Validation Certificates are Dead to get a better opinion if EV certificates are worth their money at all.






share|improve this answer



















  • 1





    Very good link to Troy Hunt's article, worth the read.

    – WoJ
    5 hours ago






  • 1





    Overlapping certificates can actually be a problem for this particular case. If OP passess the key for static.example.com to a CDN but maintain example.com in their own control, then the CDN operator and an attacker who breached CDN operator's security will be able to snoop/impersonate example.com. Note that to actually prevent breaches of trust like this completely, you'll also need to use subresource integrity to prevent your CDN from modifying and injecting scripts into your pages.

    – Lie Ryan
    4 hours ago













  • Troy Hunt's extended blog post on EV certificates. A bit less of examples would have been more than enough. Still, it's so entertaining that it's hard to stop reading it.

    – Esa Jokinen
    1 hour ago
















7














It is possible to have multiple certificates from different vendors for different parts of the domain and even have overlapping certificates., i.e. multiple certificates which could be used to authenticate the same domain.



Browsers actually only care that a specific certificate is valid for the specific domain it is used on and don't care if the same certificate could also be used for other domains. They also only care that all content is served over HTTPS (i.e. no mixed content) but don't care if some content is served with a EV certificate while other content is served with DV certificate only.



Apart from that, I recommend to read Extended Validation Certificates are Dead to get a better opinion if EV certificates are worth their money at all.






share|improve this answer



















  • 1





    Very good link to Troy Hunt's article, worth the read.

    – WoJ
    5 hours ago






  • 1





    Overlapping certificates can actually be a problem for this particular case. If OP passess the key for static.example.com to a CDN but maintain example.com in their own control, then the CDN operator and an attacker who breached CDN operator's security will be able to snoop/impersonate example.com. Note that to actually prevent breaches of trust like this completely, you'll also need to use subresource integrity to prevent your CDN from modifying and injecting scripts into your pages.

    – Lie Ryan
    4 hours ago













  • Troy Hunt's extended blog post on EV certificates. A bit less of examples would have been more than enough. Still, it's so entertaining that it's hard to stop reading it.

    – Esa Jokinen
    1 hour ago














7












7








7







It is possible to have multiple certificates from different vendors for different parts of the domain and even have overlapping certificates., i.e. multiple certificates which could be used to authenticate the same domain.



Browsers actually only care that a specific certificate is valid for the specific domain it is used on and don't care if the same certificate could also be used for other domains. They also only care that all content is served over HTTPS (i.e. no mixed content) but don't care if some content is served with a EV certificate while other content is served with DV certificate only.



Apart from that, I recommend to read Extended Validation Certificates are Dead to get a better opinion if EV certificates are worth their money at all.






share|improve this answer













It is possible to have multiple certificates from different vendors for different parts of the domain and even have overlapping certificates., i.e. multiple certificates which could be used to authenticate the same domain.



Browsers actually only care that a specific certificate is valid for the specific domain it is used on and don't care if the same certificate could also be used for other domains. They also only care that all content is served over HTTPS (i.e. no mixed content) but don't care if some content is served with a EV certificate while other content is served with DV certificate only.



Apart from that, I recommend to read Extended Validation Certificates are Dead to get a better opinion if EV certificates are worth their money at all.







share|improve this answer












share|improve this answer



share|improve this answer










answered 8 hours ago









Steffen UllrichSteffen Ullrich

117k13204271




117k13204271








  • 1





    Very good link to Troy Hunt's article, worth the read.

    – WoJ
    5 hours ago






  • 1





    Overlapping certificates can actually be a problem for this particular case. If OP passess the key for static.example.com to a CDN but maintain example.com in their own control, then the CDN operator and an attacker who breached CDN operator's security will be able to snoop/impersonate example.com. Note that to actually prevent breaches of trust like this completely, you'll also need to use subresource integrity to prevent your CDN from modifying and injecting scripts into your pages.

    – Lie Ryan
    4 hours ago













  • Troy Hunt's extended blog post on EV certificates. A bit less of examples would have been more than enough. Still, it's so entertaining that it's hard to stop reading it.

    – Esa Jokinen
    1 hour ago














  • 1





    Very good link to Troy Hunt's article, worth the read.

    – WoJ
    5 hours ago






  • 1





    Overlapping certificates can actually be a problem for this particular case. If OP passess the key for static.example.com to a CDN but maintain example.com in their own control, then the CDN operator and an attacker who breached CDN operator's security will be able to snoop/impersonate example.com. Note that to actually prevent breaches of trust like this completely, you'll also need to use subresource integrity to prevent your CDN from modifying and injecting scripts into your pages.

    – Lie Ryan
    4 hours ago













  • Troy Hunt's extended blog post on EV certificates. A bit less of examples would have been more than enough. Still, it's so entertaining that it's hard to stop reading it.

    – Esa Jokinen
    1 hour ago








1




1





Very good link to Troy Hunt's article, worth the read.

– WoJ
5 hours ago





Very good link to Troy Hunt's article, worth the read.

– WoJ
5 hours ago




1




1





Overlapping certificates can actually be a problem for this particular case. If OP passess the key for static.example.com to a CDN but maintain example.com in their own control, then the CDN operator and an attacker who breached CDN operator's security will be able to snoop/impersonate example.com. Note that to actually prevent breaches of trust like this completely, you'll also need to use subresource integrity to prevent your CDN from modifying and injecting scripts into your pages.

– Lie Ryan
4 hours ago







Overlapping certificates can actually be a problem for this particular case. If OP passess the key for static.example.com to a CDN but maintain example.com in their own control, then the CDN operator and an attacker who breached CDN operator's security will be able to snoop/impersonate example.com. Note that to actually prevent breaches of trust like this completely, you'll also need to use subresource integrity to prevent your CDN from modifying and injecting scripts into your pages.

– Lie Ryan
4 hours ago















Troy Hunt's extended blog post on EV certificates. A bit less of examples would have been more than enough. Still, it's so entertaining that it's hard to stop reading it.

– Esa Jokinen
1 hour ago





Troy Hunt's extended blog post on EV certificates. A bit less of examples would have been more than enough. Still, it's so entertaining that it's hard to stop reading it.

– Esa Jokinen
1 hour ago













3














Yes you can, with some caveats.



Normally, letsencrypt certificate are valid for a single FQDN. So you can create an domain-identified only (DV) certificate for static.example.com and an EV-identified certificate for your root domain.



Note be careful that another consideration applies when using wildcard certificate and some multi domain certificate. Some CAs (including LetsEncrypt) may issue a wildcard that will also be valid for the root domain because the CA may automatically add the root to the SAN (subject alternative name) even if you don't explicitly list your root domain when requesting the certificate (the CA can do this since wildcard certificate verification method requires that you demonstrate control/ownership of the domain's DNS). Check the SAN field of the certificate to be sure that your certificate are covering exactly what you expected and no more.



A couple security notes though, be careful of server settings that may apply to all subdomains, like certain Cookies and HSTS config.






share|improve this answer





















  • 2





    Multidomain and wildcard are quite different things; LE does the first semiautomatically but not the second. Even if an LE cert does mistakenly include the bare domain, it's perfectly valid to not use that cert for that domain, as long as you can configure your webserver(s?) to do so.

    – dave_thompson_085
    8 hours ago











  • @dave_thompson_085: I've updated the answer to be more precise with the wordings.

    – Lie Ryan
    1 hour ago
















3














Yes you can, with some caveats.



Normally, letsencrypt certificate are valid for a single FQDN. So you can create an domain-identified only (DV) certificate for static.example.com and an EV-identified certificate for your root domain.



Note be careful that another consideration applies when using wildcard certificate and some multi domain certificate. Some CAs (including LetsEncrypt) may issue a wildcard that will also be valid for the root domain because the CA may automatically add the root to the SAN (subject alternative name) even if you don't explicitly list your root domain when requesting the certificate (the CA can do this since wildcard certificate verification method requires that you demonstrate control/ownership of the domain's DNS). Check the SAN field of the certificate to be sure that your certificate are covering exactly what you expected and no more.



A couple security notes though, be careful of server settings that may apply to all subdomains, like certain Cookies and HSTS config.






share|improve this answer





















  • 2





    Multidomain and wildcard are quite different things; LE does the first semiautomatically but not the second. Even if an LE cert does mistakenly include the bare domain, it's perfectly valid to not use that cert for that domain, as long as you can configure your webserver(s?) to do so.

    – dave_thompson_085
    8 hours ago











  • @dave_thompson_085: I've updated the answer to be more precise with the wordings.

    – Lie Ryan
    1 hour ago














3












3








3







Yes you can, with some caveats.



Normally, letsencrypt certificate are valid for a single FQDN. So you can create an domain-identified only (DV) certificate for static.example.com and an EV-identified certificate for your root domain.



Note be careful that another consideration applies when using wildcard certificate and some multi domain certificate. Some CAs (including LetsEncrypt) may issue a wildcard that will also be valid for the root domain because the CA may automatically add the root to the SAN (subject alternative name) even if you don't explicitly list your root domain when requesting the certificate (the CA can do this since wildcard certificate verification method requires that you demonstrate control/ownership of the domain's DNS). Check the SAN field of the certificate to be sure that your certificate are covering exactly what you expected and no more.



A couple security notes though, be careful of server settings that may apply to all subdomains, like certain Cookies and HSTS config.






share|improve this answer















Yes you can, with some caveats.



Normally, letsencrypt certificate are valid for a single FQDN. So you can create an domain-identified only (DV) certificate for static.example.com and an EV-identified certificate for your root domain.



Note be careful that another consideration applies when using wildcard certificate and some multi domain certificate. Some CAs (including LetsEncrypt) may issue a wildcard that will also be valid for the root domain because the CA may automatically add the root to the SAN (subject alternative name) even if you don't explicitly list your root domain when requesting the certificate (the CA can do this since wildcard certificate verification method requires that you demonstrate control/ownership of the domain's DNS). Check the SAN field of the certificate to be sure that your certificate are covering exactly what you expected and no more.



A couple security notes though, be careful of server settings that may apply to all subdomains, like certain Cookies and HSTS config.







share|improve this answer














share|improve this answer



share|improve this answer








edited 1 hour ago

























answered 9 hours ago









Lie RyanLie Ryan

23.4k34977




23.4k34977








  • 2





    Multidomain and wildcard are quite different things; LE does the first semiautomatically but not the second. Even if an LE cert does mistakenly include the bare domain, it's perfectly valid to not use that cert for that domain, as long as you can configure your webserver(s?) to do so.

    – dave_thompson_085
    8 hours ago











  • @dave_thompson_085: I've updated the answer to be more precise with the wordings.

    – Lie Ryan
    1 hour ago














  • 2





    Multidomain and wildcard are quite different things; LE does the first semiautomatically but not the second. Even if an LE cert does mistakenly include the bare domain, it's perfectly valid to not use that cert for that domain, as long as you can configure your webserver(s?) to do so.

    – dave_thompson_085
    8 hours ago











  • @dave_thompson_085: I've updated the answer to be more precise with the wordings.

    – Lie Ryan
    1 hour ago








2




2





Multidomain and wildcard are quite different things; LE does the first semiautomatically but not the second. Even if an LE cert does mistakenly include the bare domain, it's perfectly valid to not use that cert for that domain, as long as you can configure your webserver(s?) to do so.

– dave_thompson_085
8 hours ago





Multidomain and wildcard are quite different things; LE does the first semiautomatically but not the second. Even if an LE cert does mistakenly include the bare domain, it's perfectly valid to not use that cert for that domain, as long as you can configure your webserver(s?) to do so.

– dave_thompson_085
8 hours ago













@dave_thompson_085: I've updated the answer to be more precise with the wordings.

– Lie Ryan
1 hour ago





@dave_thompson_085: I've updated the answer to be more precise with the wordings.

– Lie Ryan
1 hour ago











1














There are three options for this situation:




  1. Go with wildcard ssl certificate to secure your root and its sub domains because it remains easy for you because through option you will have to manage only one certificate for both root and its sub domain that helps to save your time & money.

  2. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then go for Symantec EV SSL which now gives facility to secure multi domain with it. (Usually remains high in the price).

  3. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then other affordable option is EV Multi Domain SSL because it helps you to get ev ssl for your all multiple domains (which you will include in SAN category). Means your both both root as well as sub domain will be secured with EV SSL.






share|improve this answer


























  • Your answer is a little short: you mention a few options as bullet points, but not what pros and cons are for each option. The answer also contains some typos. It's a good start for a useful answer, but to get more upvotes, you might want to expand the answer.

    – Luc
    2 hours ago











  • Thank you for keeping my attention to that.

    – Dana
    1 hour ago
















1














There are three options for this situation:




  1. Go with wildcard ssl certificate to secure your root and its sub domains because it remains easy for you because through option you will have to manage only one certificate for both root and its sub domain that helps to save your time & money.

  2. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then go for Symantec EV SSL which now gives facility to secure multi domain with it. (Usually remains high in the price).

  3. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then other affordable option is EV Multi Domain SSL because it helps you to get ev ssl for your all multiple domains (which you will include in SAN category). Means your both both root as well as sub domain will be secured with EV SSL.






share|improve this answer


























  • Your answer is a little short: you mention a few options as bullet points, but not what pros and cons are for each option. The answer also contains some typos. It's a good start for a useful answer, but to get more upvotes, you might want to expand the answer.

    – Luc
    2 hours ago











  • Thank you for keeping my attention to that.

    – Dana
    1 hour ago














1












1








1







There are three options for this situation:




  1. Go with wildcard ssl certificate to secure your root and its sub domains because it remains easy for you because through option you will have to manage only one certificate for both root and its sub domain that helps to save your time & money.

  2. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then go for Symantec EV SSL which now gives facility to secure multi domain with it. (Usually remains high in the price).

  3. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then other affordable option is EV Multi Domain SSL because it helps you to get ev ssl for your all multiple domains (which you will include in SAN category). Means your both both root as well as sub domain will be secured with EV SSL.






share|improve this answer















There are three options for this situation:




  1. Go with wildcard ssl certificate to secure your root and its sub domains because it remains easy for you because through option you will have to manage only one certificate for both root and its sub domain that helps to save your time & money.

  2. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then go for Symantec EV SSL which now gives facility to secure multi domain with it. (Usually remains high in the price).

  3. If want EV SSL for root domain example.com and also want to secure sub domain static.example.com then other affordable option is EV Multi Domain SSL because it helps you to get ev ssl for your all multiple domains (which you will include in SAN category). Means your both both root as well as sub domain will be secured with EV SSL.







share|improve this answer














share|improve this answer



share|improve this answer








edited 1 hour ago

























answered 3 hours ago









DanaDana

113




113













  • Your answer is a little short: you mention a few options as bullet points, but not what pros and cons are for each option. The answer also contains some typos. It's a good start for a useful answer, but to get more upvotes, you might want to expand the answer.

    – Luc
    2 hours ago











  • Thank you for keeping my attention to that.

    – Dana
    1 hour ago



















  • Your answer is a little short: you mention a few options as bullet points, but not what pros and cons are for each option. The answer also contains some typos. It's a good start for a useful answer, but to get more upvotes, you might want to expand the answer.

    – Luc
    2 hours ago











  • Thank you for keeping my attention to that.

    – Dana
    1 hour ago

















Your answer is a little short: you mention a few options as bullet points, but not what pros and cons are for each option. The answer also contains some typos. It's a good start for a useful answer, but to get more upvotes, you might want to expand the answer.

– Luc
2 hours ago





Your answer is a little short: you mention a few options as bullet points, but not what pros and cons are for each option. The answer also contains some typos. It's a good start for a useful answer, but to get more upvotes, you might want to expand the answer.

– Luc
2 hours ago













Thank you for keeping my attention to that.

– Dana
1 hour ago





Thank you for keeping my attention to that.

– Dana
1 hour ago










overer is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















overer is a new contributor. Be nice, and check out our Code of Conduct.













overer is a new contributor. Be nice, and check out our Code of Conduct.












overer is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204359%2flets-encrypt-and-ev-certificates-for-different-hosts-in-the-same-domain%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

“%fieldName is a required field.”, in Magento2 REST API Call for GET Method Type The Next...

How to change City field to a dropdown in Checkout step Magento 2Magento 2 : How to change UI field(s)...

變成蝙蝠會怎樣? 參考資料 外部連結 导航菜单Thomas Nagel, "What is it like to be a...