We have an app recently deployed to Heroku. I think we have hit the wall in terms of our requirements (please make my conclusion wrong).
It's a project management app. Management has decided to go for an all-SSL solution, hence we got ourselves a wildcard certificate (*.ourapp.net) from GoDaddy, which we added successfully to Heroku under Hostname based SSL. Hostname based SSL requires pointing the particular CNAME (which needs to be secured) to the AmazonAWS URL which is given by Heroku. For example, if we wanted to secure var.ourapp.net, we would have to point the CNAME var.ourapp.net ----> appid42352herokucom-324234.us-east-1.elb.amazonaws.com (this is an example URL).
Since we wanted every first-level subdomain to be secure, we had to put a *.myapp.net CNAME pointed to the Amazon URL.
But this interferes with our application design, where every wildcard subdomain (basic and wildcard domains are already added to the app) needs to be processed such that each customer could get a branded URL like customername.ourapp.net.
Currently DNS is handled by Zerigo tier one.
Please suggest/recommend
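
An added example, not part of the original post: one way an application behind a wildcard CNAME can map the request's Host header to a customer, accepting only the first-level subdomains that a `*.ourapp.net` certificate covers. The function name, the reserved-label set and the sample hosts are assumptions made for illustration.

```python
import re

BASE_DOMAIN = "ourapp.net"   # base domain used in the post
RESERVED = {"www", "var"}    # assumption: labels kept for non-customer use

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def customer_from_host(host_header):
    """Return the customer label for a Host header value, or None when the
    host is not a single-label (first-level) subdomain of BASE_DOMAIN."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if ":" in host:                      # drop an optional ":port"
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")              # tolerate a fully qualified trailing dot

    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        # Covers the bare domain, look-alikes such as "evilourapp.net",
        # and hosts that merely contain the base domain somewhere.
        return None

    label = host[: -len(suffix)]
    if "." in label:
        # A wildcard certificate matches exactly one label, so
        # "a.b.ourapp.net" would not be covered by *.ourapp.net.
        return None
    if not _LABEL.fullmatch(label) or label in RESERVED:
        return None
    return label


if __name__ == "__main__":
    # Constructed sample Host header values.
    for h in ["customername.ourapp.net", "Acme.OurApp.net:443",
              "a.b.ourapp.net", "ourapp.net", "acme.ourapp.net.evil.example"]:
        print(h, "->", customer_from_host(h))
```
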