sslgoogle-cloud-platformssl-certificatesigneddigicert

Why I need an SSL certificate and SXG certificate separately to enable Signed Exchange for my website?


I need to enable Signed Exchange for my certificate. I was told by DigiCert and GoogleCA that I will need two certificates to enable SXG, one is SSL and another one cert is SXG.

Why two certificate cannot merge into one certificate or why is it not possible for them to provide one single certificate which will support both ssl and sxg together?


Solution

  • Because the content and purpose of an SSL certificate and an SXG are different.

    An SXG is encapsulated in a binary-encoded file that has two primary components: an HTTP exchange and a signature that covers the exchange. The HTTP exchange consists of a request URL, content negotiation information, and an HTTP response.