For the last few months, I have been using self signed certificates to provide s
ID: 659271 • Letter: F
Question
For the last few months, I have been using self signed certificates to provide ssl for a system that I have been building. We are now getting ready to start getting external users on the system, but this will require purchasing a certificate.
This system will be one of several others that will be running on a sub-domain, but may move to its own domain later on. There will also be several other secured systems running in a similar fashion.
We would also like to put our main site on ssl only too.
So, although I know I can use a wildcard certificate, could I purchase an ssl certificate for the main site, then create a signing request for the sub-domain, and sign it with the purchased certificate, and would that validate for visitors to the sub-domain?
Explanation / Answer
No, the certificates you purchase for SSL are not valid for certificate signing. This is enacted via usage extensions.
It is possible to buy signing certificates which can be used for that purpose, but it is prohibitively expensive - the certificate authorities do not, after all, wish to put themselves out of business.