0

My organization has a wildcard certificate for our domain and its subdomains. Let's say *.serverfault.com. We want to use a 3rd party webhost to serve as a CDN for our image content, but we want to have the domain there be media.serverfault.com. We don't want to install the wildcard certificate at the 3rd party, for security reasons. We would prefer the certificate we install there be valid just for media.serverfault.com.

Is this possible? Would browsers give us issues if the certificate for *.serverfault.com and media.serverfault.com were from different root CAs? Or is there a way to use the *.serverfault.com wildcard cert to generate one for media.serverfault.com?

K0D4

1 Answer

2

Browsers won't have issues with this setup. There is no connection between DNS entries and certificates. As long as there is a trust chain from the certificate to a root CA, all is fine.

Tero Kilkanen
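
One way to get the single-host certificate the question asks for, as an added example that is not part of the original question or answer: generate a separate key pair and a CSR whose only name is media.serverfault.com, then submit that CSR to any CA that browsers trust, so the wildcard key never leaves the organization. It assumes OpenSSL 1.1.1 or newer (for `-addext`); the function names and file names are illustrative.

```shell
#!/bin/sh
# Added example: dedicated key + CSR for one hostname, independent of the
# wildcard certificate and its private key.
# Assumptions: OpenSSL 1.1.1+; function and file names are illustrative.

HOST="media.serverfault.com"   # hostname taken from the question

# make_csr DIR HOST: create a fresh P-256 key and a CSR whose only SAN is HOST.
make_csr() {
    (
        umask 077   # private key readable by its owner only
        openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
            -keyout "$1/$2.key" -out "$1/$2.csr" \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
    )
}

# csr_names CSR: print the DNS names requested in the CSR, one per line.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# csr_is_single_host CSR HOST: succeed only if the CSR's signature verifies
# and it requests exactly HOST (no wildcard, no additional names).
csr_is_single_host() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    [ "$(csr_names "$1")" = "$2" ]
}

# Stand-alone run: build the CSR in a scratch directory and review it
# before sending only the .csr file to the CA.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
if make_csr "$workdir" "$HOST" && csr_is_single_host "$workdir/$HOST.csr" "$HOST"; then
    echo "CSR requests only: $(csr_names "$workdir/$HOST.csr")"
else
    echo "CSR generation or scope check failed" >&2
fi
```

Only the issued certificate and this new key go to the third-party host; checking the name list before submission confirms the request cannot be used to obtain a certificate for any other subdomain.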