A. Savva
Reputation: 632
SSL and iframe - Does the same certificate work for iframe?
I have a website embedding another website with iframe. The first website has SSL with a certificate for *.something.com and let's say its domain is somethingelse.something.com. Can I use the same certificate for the embedded website as well even though there is no subdomain in something.com referring to it?
In other words, does the fact that I am originally coming from somethingelse.something.com count for the embedded website as well?
I hope this makes sense, I am quite new with this.
Upvotes: 0
Views: 603
Answers (1)
Tom
Reputation: 4826
- If the certificate is valid for the domain, the fact that it's an iframe doesn't count.
Be careful: A certificate for "*.example.com" is valid for "anything.example.com" but NOT for "example.com"
The iframe may be blocked for another reason:
- CSP on the main page
- X-FRAME-OPTIONS on the iframe
Upvotes: 2
Related Questions
- IE11 security certificate issue when using iFrame
- HSTS in iFrame src
- Embedding HTTP iframe in HTTPS iframe for HTTPS site?
- Can using an Iframe pose a security risk?
- HTTP iframe on HTTPS page
- Display IFrame from same domain under SSL
- How can using https in an iframe be secure?
- Https and Frames. Is connection encrypted?
- What are the dangers of using an SSL iframe within SSL pages
- Security error in cross domain iframe