Is it possible to have a different HTTPS domain in an iFrame, on another HTTPS domain?

Do browsers throw security errors when "https://sub.example.com" is embedded in an iFrame 开发者_如何学运维inside "https://www.example.com"?

If not, are there any restrictions? Do they need to be using the same SSL certificate (wildcard)?

No, HTTPS content from many separate sources (via images, iframes, scripts etc) may comprise a single page whilst keeping the ‘secure’ UI, as long as all resources independently pass certificate validation. Doesn't have to be the same hostname, same domain, same certificate or same CA.