I'm building a multi-tenant application using the Play framework and hosting it with CloudBees. A key feature of the site is the ability to purchase SSL certificates on behalf of our customers during the sign-up process.
- On sign-up, the user provides us with their custom domain name (i.e., customer.com)
- We create the client account and associate customer.com with their client ID
- We purchase the SSL certificate for our client and automatically configure it on our server
The client should only have to worry about pointing their domain name to the right IP address, not purchasing their own SSL certificate.
What we need to support at run-time:
- Resolve http://customer.com or http://www.customer.com for a typical request
- Resolve http://customer.ourdomain.com if the client does not have a custom domain
- Resolve https://customer.com/payment, https://www.customer.com/payment, or https://customer.ourdomain.com/payment during the billing process for our client's end-users depending on their domain setup (subdomain or custom domain)
I'm trying to figure out if it's possible to use CloudBees out-of-the-box with our SSL needs. We're assuming that SNI will suit our requirements, but I'm struggling to determine the optimal configuration considering that we may need to support hundreds or thousands of SSL certificates on a single IP.
My question is:
- What options do we have for supporting so many SSL certificates? Should we continue exploring CloudBees with SNI and AWS Elastic Load Balancing or am I way off base? (ELB only supports 10 certificates out-of-the-box.) The ideal process will be completely automated for our client during sign-up.
Any advice is appreciated.
CloudBees only offers a dedicated SSL router to support an SSL certificate. This can be fully automated using the CloudBees SDK / API client. But you'll then need a router per SSL certificate. I don't know of a short-term plan to support multiple certificates per router.
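
The run-time requirements listed in the question (custom domain, www variant, platform subdomain, many certificates on one IP via SNI) can be sketched as follows. This is an added example, not code from either post or from CloudBees; the certificate directory, the sample tenant tables, the wildcard certificate for ourdomain.com and the function names are all assumptions.

```python
import ssl
from functools import lru_cache

PLATFORM_DOMAIN = "ourdomain.com"              # platform domain named in the question
CERT_DIR = "/etc/tenant-certs"                 # hypothetical certificate store
# Constructed sample data: custom domain -> client ID, plus known client IDs.
CUSTOM_DOMAINS = {"customer.com": "customer"}
CLIENT_IDS = {"customer", "acme"}

def resolve_tenant(hostname):
    """Map an SNI name or Host header to (client_id, cert_key), or None if unknown."""
    if not hostname:
        return None                            # client sent no SNI at all
    host = hostname.rstrip(".").lower()
    suffix = "." + PLATFORM_DOMAIN
    if host.endswith(suffix):
        label = host[: -len(suffix)]
        # Assumption: one wildcard certificate covers every *.ourdomain.com name.
        return (label, "_wildcard") if label in CLIENT_IDS else None
    apex = host[4:] if host.startswith("www.") else host
    client = CUSTOM_DOMAINS.get(apex)
    # Assumption: each purchased certificate lists both the apex and www names.
    return (client, apex) if client else None

@lru_cache(maxsize=2048)
def context_for(cert_key):
    """Load a certificate lazily; the cache bounds memory with thousands of tenants."""
    # cert_key only ever comes from our own tables, never from the raw SNI
    # string, so a hostile server name cannot steer the file path.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(f"{CERT_DIR}/{cert_key}/fullchain.pem",
                        f"{CERT_DIR}/{cert_key}/privkey.pem")
    return ctx

def sni_callback(sock, server_name, _default_ctx):
    """Pick the tenant certificate during the handshake; refuse unknown names."""
    tenant = resolve_tenant(server_name)
    if tenant is None:
        return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
    sock.context = context_for(tenant[1])
    return None                                # continue the handshake

def make_listener_context():
    """Context for the single shared listener (one IP, many certificates)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.sni_callback = sni_callback
    return ctx
```

The same `resolve_tenant` result can be reused for the plain-HTTP Host header, so the TLS layer and the application agree on which client a request belongs to.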