2

We offer software as a service that is fully hosted on Amazon Web Services (AWS). We mainly use Elastic Beanstalk (elastic load balancer + ec2 instances) and RDS (database service) plus many other services.

Many of our customers use our services with their own domain (white label), which isn't a problem. However, it becomes a problem when they want to use their own domain with SSL, since we can only host one SSL certificate per ec2 instance / load balancer.

So far, we have one customer using an SSL certificate. We've set up their very own environment for them, so that we can host their certificate. This is, however, not practical at all, since we now need to do software updates etc. on two different environments (our own and theirs). This approach doesn't scale.

Is there a workaround to this? Is it possible to have an ec2 instance solely to host the customer's SSL certificate but still route all traffic to our main environment (tunnelling)? Or maybe to host multiple certificates on our load balancer? Any other approaches?

Thank you very much for your inputs!

Lionel
  • PS: We already use a UCC SSL certificate for our own environment, since we use multiple SSL domains ourselves. It is, however, not allowed to add domain addresses to this certificate that are not ours (ownership) and it wouldn't scale either to reissue our cert every time we have a new SSL customer. – Lionel Oct 07 '13 at 09:01

1 Answer

2

It all depends on the nature of your application, really.

If all you're supplying is an HTTPS-based interface (SOAP, JSON or web app) and you do not use certificate-based authentication, then you can use some form of reverse proxy system.

In that case, the proxy would have a public interface that uses the public (your customer's) URL and forward requests to your internal system. It can still go through your load balancer as a client.

Stephane
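The reverse proxy described in the answer above, as an added sketch that is not part of the original post: one TLS listener holds every customer's certificate, picks one by the hostname the client sends in the handshake (SNI), and forwards all requests to the shared internal environment. The hostnames, certificate paths and backend address are hypothetical, and it assumes clients send SNI.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// certStore maps a customer's public hostname to the certificate served for it.
type certStore map[string]*tls.Certificate

// pick is installed as tls.Config.GetCertificate. It selects the certificate by
// the SNI name and fails the handshake for unknown names instead of falling
// back to another customer's certificate.
func (s certStore) pick(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(hello.ServerName, "."))
	if cert, ok := s[name]; ok {
		return cert, nil
	}
	return nil, fmt.Errorf("no certificate configured for %q", name)
}

func main() {
	// Hypothetical hostnames and key-pair paths, one entry per SSL customer.
	pairs := map[string][2]string{
		"app.customer-a.example":  {"certs/customer-a.crt", "certs/customer-a.key"},
		"shop.customer-b.example": {"certs/customer-b.crt", "certs/customer-b.key"},
	}
	store := certStore{}
	for host, f := range pairs {
		cert, err := tls.LoadX509KeyPair(f[0], f[1])
		if err != nil {
			log.Fatalf("loading key pair for %s: %v", host, err)
		}
		store[host] = &cert
	}
	// Hypothetical address of the shared environment's load balancer. The proxy
	// leaves the Host header untouched, so the backend still sees the customer's domain.
	backend := &url.URL{Scheme: "http", Host: "internal-lb.example:80"}
	srv := &http.Server{
		Addr:      ":443",
		Handler:   httputil.NewSingleHostReverseProxy(backend),
		TLSConfig: &tls.Config{GetCertificate: store.pick, MinVersion: tls.VersionTLS12},
	}
	log.Fatal(srv.ListenAndServeTLS("", "")) // certificates come from GetCertificate
}
```

The proxy holds every customer's private key, so it needs the same access controls and patching as any other TLS endpoint, and the hop to the backend is plain HTTP here and should stay on a private network.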