asked on

Remote JS execution with EV Certs

I've built a javascript API that basically is loaded from a remote sub-domain. So domain1.tld.com loads a JS library from domain2.tld.com.

The connection is all over SSL.

The questions is, if domain1.tld.com has an EV cert does domain2.tld.com need an EV cert as well? Or can it be a regular cert?

ASKER CERTIFIED SOLUTION

Dave Howe

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Michael Sole

ASKER

Thanks, I'll award you the points but would you have any documentation to back that up? (BTW that's what I thought as well)

Dave Howe

no, I don't, but I know from experience that plenty of EV sites use https://ajax.googleapis.com/ajax/libs/jquery/1.10.0/jquery.min.js (for example) at the backend, without browsers kicking up a fuss about it :)

Michael Sole

ASKER

Thanks!

Dave Howe

I disagree on principle with EV certificates though. Why do we need to pay extra for the CA to do the checks we were supposed to be paying for for "standard" certificates (instead of just generating our own for free), and why, given several high-profile events where EV certificates were issued for "famous name" sites to people other than the sites owners, they continue to claim EV means they really, really checked this time and you can trust them, honest.....

Michael Sole

ASKER

Yea I don't know the answer to that but our client (a bank) uses them and I need to make sure that when they connect to my API I don't cause any browser errors.