Creating sub certificates from a root certificate (SSL) [duplicate]

ssl ssl-certificate certificate-authority

If I purchase a signed certificate for example.com, can I then produce sub-certificates for a.example.com and b.example.com?

These sub-certificates would have PEM files whose privacy cannot be assured.

Can I do this, maintaining the privacy of the root certificate while generating an unlimited number of disposable sub-certificates that would still be recognized as valid by the original signing authority?


No, that won't work.

In order to sign certificates you need your own certificate authority certificate. The certificates you purchase are signed by a certificate authority, but specifically marked as not being a certificate authority certificate.

Check the "Certificate Basic Constraints" in your certificate, and you will see that it "Is not a Certification Authority".


If you need more then one domain covered by SSL, you need to buy a wildcard SSL certificate. This covers a domain name and all sub-domains. Remember to create your SSL cert for *.example.com: otherwise you only sign your normal domain.

If you have two different domains you need SSL for each domain.

Or if you have only one subdomain, sometimes two normal SSL certs are cheaper than a wildcard.

Related

How to install Certbot on Amazon Linux EC2
Can ADFS connect to other SSO services?
ECC chipkill errors: which DIMM?
how to silently install .dmg in MacOS?
Unencrypted equivalent of SSH reverse proxy
Is it possible to have complete backup of mysql database server from command line?
What does 'P' mean in DDR2-5300P?
Switch eth0 and eth1 in ubuntu server
Sun Solaris - Find out number of processors and cores
How can I find out who is hosting a certain domain? [duplicate]
Is it harmless to use the same ssh private/public keypair from multiple computers?
Datacenter Power Consumption Table