By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to Handle 1,000's of SSL Certificates

0

Our platform is a multi-tenant content management system with thousands of customers. They all have their own domains and require SSL Certificates. We increased our quota limits to 100 certificates per ALB and 50 entries per certificate. This means we can get 5,000 entries or 2,500 domains (since we need 2 entries per domain - domain + wildcard for www). This is great, but we're expecting to onboard 10,000, 20,000, maybe 50,000+ new customers/domains over the next 6-12 months. What is the best solution for handling this? We could add a new ALB every time we max out our SSL limits, but is there a better solution? Thanks!

Topics
Security, Identity, & Compliance
Tags
AWS Certificate Manager
Language
English
brianpautsch
asked 10 months ago234 views
2 Answers
0

Putting the SA hat on here... Whats the requirement and reason for them to have their own domain?

Have you thought about a different way to deliver the solution so that this overhead isnt needed?

profile picture
EXPERT
Gary Mclean
answered 10 months ago
  • brianpautsch
    10 months ago

    They are hosting their business websites. Very similar to Wix, Squarespace, etc. Custom domains with SSL Certs are essential.

  • Gary Mclean EXPERT
    10 months ago

    I see now your issue. Someone else may have a better idea however apart from multiple ALB and certificates, the option that springs to mind is to use something like a F5 ltm virtual appliance for the ssl alb. I’m not sure of the limitations of the number of certificates here though.

0

Take a look at Nginx. You'd switch from a ALB to NLB pointed to that tier, and it can be configured with an unlimited number of certificates. After it handles SSL it'd forward the request on to your application tier for processing.

profile picture
jhmartin1
answered 10 months ago
  • brianpautsch
    10 months ago

    Cool. I'll definitely look into this. Looks like we can provision Let's Encrypt SSL Certs too.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content