web services - Can I get an Intermediate Certificate to sign SSL Certificates for my own domain myself? -

i maintaining project quite large server infrastructure.

at moment using several ssl certificates different subdomains, , that's not easy on pocket.

a far more economical solution me 1 wild card certificate , use on of servers.

however servers spread across globe, , if 1 of them gets compromised - physically or other means, secret certificate key fall hands of whoever gets system.

in case, if used wild card certificate, key compromised key key other components of system (because have same certificate).

i not want compromise ssl security of main website because unimportant edge server has been compromised.

that's why wondered whether can sign own csr own subdomains somehow.

something "self service top level domain wide intermediate certificate authority"

is there such thing? far understand certificate authorities , intermediate certificate authorities not limited specific scopes on common name (domain).

however know example google on fly generates certificates security purposes on special parts of website.

i wonder how that. or certificate authority on own?

hope question clear, appriciated!

i don't know if google certificatation authority, don't seem find ca.

anyway, no certification authority should ever deliver global intermediate ca. did , lead abuse, expected. there no way deliver intermediate ca limited cn, no, there no way looking for.

it done using dane, though, not mainstream before many years. see http://tools.ietf.org/html/rfc6698