Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Remote JS execution with EV Certs

Posted on 2013-05-30
6
Medium Priority
?
204 Views
Last Modified: 2013-05-31
I've built a javascript API that basically is loaded from a remote sub-domain. So domain1.tld.com loads a JS library from domain2.tld.com.

The connection is all over SSL.

The questions is, if domain1.tld.com has an EV cert does domain2.tld.com need an EV cert as well? Or can it be a regular cert?
0
Comment
Question by:skione
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 39210594
It can be a regular cert, no browser currently checks that all components are EV, but most check that all components are secured with valid certs.

Of course, that may change in the future.
0
 

Author Comment

by:skione
ID: 39210605
Thanks, I'll award you the points but would you have any documentation to back that up? (BTW that's what I thought as well)
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39210634
no, I don't, but I know from experience that plenty of EV sites use https://ajax.googleapis.com/ajax/libs/jquery/1.10.0/jquery.min.js (for example) at the backend, without browsers kicking up a fuss about it :)
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:skione
ID: 39210636
Thanks!
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39210643
I disagree on principle with EV certificates though. Why do we need to pay extra for the CA to do the checks we were supposed to be paying for for "standard" certificates (instead of just generating our own for free), and why, given several high-profile events where EV certificates were issued for "famous name" sites to people other than the sites owners, they continue to claim EV means they really, really checked this time and you can trust them, honest.....
0
 

Author Comment

by:skione
ID: 39210661
Yea I don't know the answer to that but our client (a bank) uses them and I need to make sure that when they connect to my API I don't cause any browser errors.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question