As icebraining wrote, it's technically possible with X.509, but nobody within th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		_ondq on June 12, 2015 \| parent \| context \| favorite \| on: Let's Encrypt Overview As icebraining wrote, it's technically possible with X.509, but nobody within the public CA industry will do it for business reasons. You could approach the problem by creating your own root CA for the domain and then issue subordinate CA certs, but obviously for clients to validate them they would need to import your root into their trusted store (in a corporate IT scenario you would push out the root as part of the domain policy).

baby on June 12, 2015 [–]

do modern browser accepts wildcard certificates though?

_ondq on June 12, 2015 | [–]

If you mean a certificate for something like *.domain.com, then yes, every modern browser that I'm aware of will validate it properly.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact