multi-site ssl certificate

We have a complete white-label application where clients have开发者_C百科 pointed domain to our IP address. When request comes in, we check $_SERVER['HTTP_HOST'] and serve up application based on $_SERVER['HTTP_HOST'].

Is it possible to use a multi-site SSL cert for all of our clients?

This can be done in one of three ways:

1. SNI with a unique certificate per domain (as noted in the techrepublic link)
2. Wildcard certificate
3. Single certificate, with a lot of subjectAltName entries

The downside of (1) is that it only works with certain browsers.

The downside of (2) is that you probably can't get a wildcard certificate from a trusted CA (and even if you do, *.com doesn't match www.foo.com).

The downside of (3) is that, every time your company gets a new client, you need a new certificate (with the new subjectAltName).

Personally, I'd go with (1).

Yes - you'll want to make sure that you use a wildcard SSL certificate, but you should be good to go.