I am implementing a multi-tenant application where my application hosts and serves technical documentation for a tenant's product.
Now, the approach that I was considering was – I host the documentation at docs.<tenant>.mycompany.com
and ask my tenant to setup a CNAME DNS record to point docs.tenantcompany.com
to docs.<tenant>.mycompany.com
.
I want to the site to be SSL-enabled with my tenant's certificate. I wanted to understand if I my tenant company has a wildcard SSL certificate, will it work with this setup or will a new SSL certificate have to be purchased for docs.tenantcompany.com
?
Best Answer
The certificate name must match what the user entered in the browser, not the 'final' DNS record. If the user enters
docs.tenantcompany.com
then your SSL certificate has to cover that.If
docs.tenantcompany.com
is a CNAME tofoo.example.com
, the certificate does not need to coverfoo.example.com
, justdocs.tenantcompany.com
.