Geek Answers Handbook

SSL certificate management for a multi-tenant website

We have a site with several tenants where we use a wildcard SSL certificate to provide people with a subdomain for our site. Some of our customers would like to use their own domain, but I am worried about how we will manage each client as our business grows. Currently, the certificate is located on the web server, which means that all certificates are uploaded to each web server as they are added.

I know that we can present a specialized SSL device in front of web servers, but are there other ways to improve the management of these certificates?

+6
ssl hosting multi-tenant
source share
2 answers

I am a technical technical consultant at Microsoft, and one of my partners had the same problem.

I created a source code sample that automates and manages SSL certificates for multiple domain bindings using the new IIS 8 (Windows Server 2012) feature called SNI, which is a kind of SSL host server.

All you have to do is reuse my code (it's pretty simple) and upload your custom SSL certificates to the blob repository, or you can write your own provider to extract your own domains and certificates from your database.

I posted a detailed explanation and sample source code for "plug and play": http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud-services/

+4
source share

You can get your customers to deal with their certificates and get them to run their own https site. They can serve a page containing one frame with your content (more than https). Users will see their domain and their certificate, and the browser will download the frame without complaint, while the contents of the frame will also be downloaded via a valid https connection. I created a quick dirty test page so you can see it in action.

This solution will β€œbreak” the address bar, as it will contain the URL of the page containing the frame. Depending on the type of site you are running, this may be showstopper.

0
source share

More articles:


All Articles