Will you issue certificates for third-level domains (e.g.
icecream.example.com) if the second-level domain is not under the requester’s control?
StartSSL for example does not, and it also doesn’t issue certificates for
We’re hosting a site for a research group under a university’s domain, so the subdomain is under our control, but the second-level domain is not. I think this is a legitimate scenario for separate certificate for the third-level domain, but I understand that some CAs think otherwise (hard to check who’s the real owner).
If I understand your protocol correctly, this is absolutely possible with the same security as issuing a certificate for a second-level domain, but still an explicit confirmation would be nice.
So what’s your position on this?
Yes, Let’s Encrypt supports third-level domains too, there is no restriction as it is discussed in an other thread.