
Remote JS execution with EV Certs

I've built a JavaScript API that basically is loaded from a remote sub-domain. So domain1.tld.com loads a JS library from domain2.tld.com.

The connection is all over SSL.

The question is, if domain1.tld.com has an EV cert, does domain2.tld.com need an EV cert as well? Or can it be a regular cert?
Asked by: skione
1 Solution
 
Dave Howe (Software and Hardware Engineer) commented:
It can be a regular cert; no browser currently checks that all components are EV, but most check that all components are secured with valid certs.

Of course, that may change in the future.
 
skione (Author) commented:
Thanks, I'll award you the points but would you have any documentation to back that up? (BTW that's what I thought as well)
 
Dave Howe (Software and Hardware Engineer) commented:
No, I don't, but I know from experience that plenty of EV sites use https://ajax.googleapis.com/ajax/libs/jquery/1.10.0/jquery.min.js (for example) at the backend, without browsers kicking up a fuss about it :)
 
skione (Author) commented:
Thanks!
 
Dave Howe (Software and Hardware Engineer) commented:
I disagree on principle with EV certificates though. Why do we need to pay extra for the CA to do the checks we were supposed to be paying for for "standard" certificates (instead of just generating our own for free), and why, given several high-profile events where EV certificates were issued for "famous name" sites to people other than the site's owners, they continue to claim EV means they really, really checked this time and you can trust them, honest.....
 
skione (Author) commented:
Yeah, I don't know the answer to that, but our client (a bank) uses them and I need to make sure that when they connect to my API I don't cause any browser errors.
Question has a verified solution.
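
The behaviour described in the accepted answer, as an added example that is not part of the original thread: it classifies each script a page loads by scheme and origin, which is what decides whether the browser complains, with no reference to the certificate type. The page URL path, the script paths under domain1/domain2 and the sample markup are constructed for illustration; the regex tag scan is a simplification, and certificate validity itself is only established by the browser's TLS handshake, not by this check.

```javascript
// Added illustration (not from the thread). Sample page and markup are constructed.
const SAMPLE_PAGE = "https://domain1.tld.com/account";
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://domain2.tld.com/api/lib.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.0/jquery.min.js"></script>
<script src='http://domain2.tld.com/api/legacy.js'></script>
<script>var inline = true;</script>`;

// Returns one record per external script with the verdict a browser-side
// audit cares about. EV vs. regular certificate is deliberately not an input.
function classifyScripts(pageUrl, html) {
  const page = new URL(pageUrl);
  const results = [];
  // Simplified scan of opening <script> tags; use an HTML parser for real audits.
  const tagRe = /<script\b[^>]*>/gi;
  // Require whitespace before "src" so attributes such as data-src are ignored.
  const srcRe = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [tag] of html.matchAll(tagRe)) {
    const m = srcRe.exec(tag);
    if (!m) continue; // inline script: nothing is fetched
    const raw = m[1] ?? m[2] ?? m[3];
    const url = new URL(raw, page); // resolves relative and protocol-relative URLs
    let verdict;
    if (url.protocol !== "https:") {
      // A script fetched over http from an https page is active mixed content.
      verdict = page.protocol === "https:" ? "insecure-mixed-content" : "insecure";
    } else if (url.origin === page.origin) {
      verdict = "same-origin";
    } else {
      verdict = "cross-origin-https"; // fine with any valid certificate
    }
    results.push({ src: url.href, host: url.hostname, verdict });
  }
  return results;
}

// Convenience filter: the entries that would trigger browser errors or warnings.
function insecureScripts(pageUrl, html) {
  return classifyScripts(pageUrl, html).filter((s) => s.verdict.startsWith("insecure"));
}

for (const s of classifyScripts(SAMPLE_PAGE, SAMPLE_HTML)) {
  console.log(`${s.verdict.padEnd(24)} ${s.src}`);
}
```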
