We have a vendor that hosts the Web App Intelledoc's for us. Recent changes from Google have been causing the site to get flagged as "unsafe" - "Warning Deceptive Site ahead".
https://security.googleblog.com/2019/06/new-chrome-protections-from-deception.html
The vendor has asked us to provide them a PFX certificate for subdomains to essentially: "have these sites validated by the customer by incorporating them into the customers internet domain. "
However, I have a great many reservations about doing this, as I've been told to NEVER give a 3rd party a PFX cert.
I know you can use PFX certs with Azure Web Apps, but that's presuming you're using them in your environment, not giving them to someone else's azure environment.
1: Am I correct in being resistant to this suggestion?
2: If there another way to accomplish the same objective without giving them a PFX cert?
Apologies, but I just don't deal with certificates very often. Perhaps once every year or two??