I have written a small program to run on a Windows computer that serves SSL/TLS web pages through port 443 to visiting web browsers. I want it to be easy for non-technical people to install and run this program. I have made it easy for them to create a self-signed certificate or a certificate signing request in the program, but I think they are going to struggle getting the CSR signed and connected to a domain name which points at their server. I want to reduce the technical difficulty of this process to a minimum.
Can I purchase an SSL certificate which can sign certificates for subdomains of my domain name? Something like customer1.mydomain.com, customer2.mydomain.com etc and then I could point my DNS subdomains at their servers and sign their certificates for them and automate the entire process. Or maybe this would be very expensive?
If not, apart from hosting all their web applications on my own server with a *.mydomain.com certificate, what is the simplest solution I can give them for setting up the SSL certificates and domain names?
Best Answer
StartCom has an Intermediate Certificate Authority program. According to the linked site the program is intended for those issuing 1,000 or more certificates and the average cost is around $2 per issued certificate.