Will using protocol relative links to other domains from an SSL site require that the external sites have their own SSL?

Question

If I am configuring https://foo.example.com where I have an SSL cert with CN=foo.example.com, but index.html has includes/images/etc loading from http://example.othersite/cat.png and http://example.somethingelse/script.js.

Will using protocol agnostic URLs like //example.somethingelse/script.js require that a SSL certificate exists for example.othersite and example.somethingelse or will Apache use my site's cert without causing any warnings/errors in the browser? Apache 2.2.3, mod_ssl

score 1 · Accepted Answer · answered Apr 22 '14 at 04:01

All those 3 domains are completely independent from each other (even if they are different virtual hosts in the same apache server).
A protocol-relative URL just means "use the same protocol as the current page's".
So, yes, you need to configure https certificates for all those domains. Otherwise the browser may produce a warning saying that some resources in the page were loaded through an unsecure conection.

Will using protocol relative links to other domains from an SSL site require that the external sites have their own SSL?

1 Answers1