How can I let my clients use their own SSL on my SaaS

Question

We run a service that lets our clients run their own CMS. Our clients want to use their own SSL Certificate, wether it's self signed, or signed by another company.

Our application runs PHP. I was thinking of a reverse proxy technology, but we have too many of them to manually reload nginx.

We run on gcloud, so we have the ability to have buckets of SSL certificates.
We are ready to use SNI, thus, dropping support for WinXP.
We need to accept SSL certificates and implement them with very minimal infrastructure interaction (Reloading daemons, etc).
We are open to using any webserver or reverse proxy technology you recommend.
We do not want to use UCC, since we want to let the clients bring their own SSL.
IPv4 is scarce, thus, we want to limit the IP addresses we choose.

How would I go on about doing this?

EDIT: I tried OpenResty with their ssl plugin, although performance is lacking. If anyone have a better idea, share!

score 0 · Answer 1 · answered Jun 29 '21 at 05:35

0

Cloudflare lets you do this with their SSL for SaaS product:

https://developers.cloudflare.com/ssl/ssl-for-saas/uploading-certificates

answered Jun 29 '21 at 05:35

tommy chheng

121
3

How can I let my clients use their own SSL on my SaaS

1 Answers1