by crabique
351 days ago
Get a wildcard for the apex domain/higher-level subdomain, the "secret" subdomain will be covered implicitly. If you don't want the certificate to be in the CT logs, your only options are a private CA or things like a CF Origin certificate, depending on how the domain is intended to be accessed. It's not the end user that "needs" CT, it is a mechanism to ensure no shady CA can misissue a certificate without being caught. Requirements like that are written in blood (see Symantec).
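An added example, not part of the comment above: a check of which names a CT log would record when only wildcards are requested, and whether each wildcard really covers the intended host. The hostnames and helper names are constructed for illustration; matching follows the usual rule that `*` stands for exactly one left-most label, which is why a deeper name needs the wildcard of its own parent subdomain.

```python
# Constructed hostnames for illustration; not taken from the thread.
HOSTS = ["secret-admin.example.com", "hidden.internal.example.com"]


def _labels(name: str) -> list[str]:
    return name.lower().rstrip(".").split(".")


def wildcard_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is only honoured as the whole left-most
    label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Simplification: require two labels after '*'; no public-suffix check.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def wildcard_for(host: str) -> str:
    """Wildcard SAN covering `host` without naming its left-most label."""
    labels = _labels(host)
    if len(labels) < 3:
        raise ValueError(f"{host!r} has no parent domain to wildcard")
    return "*." + ".".join(labels[1:])


def ct_visible_names(hosts: list[str]) -> list[str]:
    """SAN entries a CT log would record if only wildcards are requested."""
    return sorted({wildcard_for(h) for h in hosts})


def leaked_labels(hosts: list[str], sans: list[str]) -> list[str]:
    """Left-most labels of `hosts` that appear verbatim in any logged SAN."""
    logged = {label for san in sans for label in _labels(san)}
    return [_labels(h)[0] for h in hosts if _labels(h)[0] in logged]


def uncovered(hosts: list[str], sans: list[str]) -> list[str]:
    """Hosts that no SAN in `sans` would validate for."""
    return [h for h in hosts if not any(wildcard_matches(s, h) for s in sans)]


if __name__ == "__main__":
    sans = ct_visible_names(HOSTS)
    print("logged SANs:", sans)
    print("leaked labels:", leaked_labels(HOSTS, sans))
    print("not covered by *.example.com alone:", uncovered(HOSTS, ["*.example.com"]))
```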