How to Handle 1,000's of SSL Certificates

Our platform is a multi-tenant content management system with thousands of customers. They all have their own domains and require SSL Certificates. We increased our quota limits to 100 certificates per ALB and 50 entries per certificate. This means we can get 5,000 entries or 2,500 domains (since we need 2 entries per domain - domain + wildcard for www). This is great, but we're expecting to onboard 10,000, 20,000, maybe 50,000+ new customers/domains over the next 6-12 months. What is the best solution for handling this? We could add a new ALB every time we max out our SSL limits, but is there a better solution? Thanks!

トピック

セキュリティ、アイデンティティ、コンプライアンス

タグ

AWS Certificate Manager

言語

English

brianpautsch

質問済み 1年前241ビュー

2回答

新しい順
投票が多い順
コメントが多い順

これらの回答は役に立ちましたか？コミュニティがあなたの知識を活用できるように、正解に賛成票を投じてください。

Putting the SA hat on here... Whats the requirement and reason for them to have their own domain?

Have you thought about a different way to deliver the solution so that this overhead isnt needed?

エキスパート

Gary Mclean

回答済み 1年前

brianpautsch
1年前
They are hosting their business websites. Very similar to Wix, Squarespace, etc. Custom domains with SSL Certs are essential.
Gary Mclean エキスパート
1年前
I see now your issue. Someone else may have a better idea however apart from multiple ALB and certificates, the option that springs to mind is to use something like a F5 ltm virtual appliance for the ssl alb. I’m not sure of the limitations of the number of certificates here though.

Take a look at Nginx. You'd switch from a ALB to NLB pointed to that tier, and it can be configured with an unlimited number of certificates. After it handles SSL it'd forward the request on to your application tier for processing.

jhmartin1

回答済み 1年前

brianpautsch
1年前
Cool. I'll definitely look into this. Looks like we can provision Let's Encrypt SSL Certs too.

How to Handle 1,000's of SSL Certificates

関連するコンテンツ