Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Managing SSL certs for a multi-tenant website

We have a multi-tenant website where we use a wildcard SSL cert to give people a subdomain to our site. Some of our customers would like to use their own domain, but I'm concerned about how we would manage each customer's certificate as our business grows. Currently the certificate resides on the web server, which means loading all of the certs to each web server as we add them.

I'm aware we could introduce a dedicated SSL device in front of the web servers, but are there other options to improve the management of these certificates?

like image 465
Bernard Chen Avatar asked Jan 28 '10 23:01

Bernard Chen


People also ask

Can one SSL certificate be installed on multiple servers?

To install the same certificate on multiple servers, first install the certificate files to the server where the CSR was originally generated. Then import the files (along with the private key) to the respective servers.

How do multi-domain SSL certificates work?

Multi-domain certificates allow for a single unique IP address for multiple domain names. A primary SSL certificate is issued with additional alternative domains listed on the same certificate. One certificate can be installed for all domains listed within the approved list.


1 Answers

I'm a Microsoft Technical Evangelist and one of my partners had exactly the same challenge.

I have created a sample source code that automates and manages SSL certificates for multiple domain bindings using a new IIS 8 (Windows Server 2012) feature called SNI, which is a kind of SSL hostheaders.

All you will need to do is to reuse my code (it's quite simple) and upload your custom SSL certificates to the blob storage, or you can write your own provider to fetch custom domains and certificates from your database.

I have posted a detailed explanation and a sample "plug & play" source-code at: http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud-services/

like image 75
Vitor Ciaramella Avatar answered Sep 21 '22 18:09

Vitor Ciaramella