Windows Azure Multi-Tenant Application and SSL

4
votes

We are creating a multi-tenant ASP.NET MVC application that will be deployed onto Windows Azure. We will have some custom domain www.abc.com that will map to our given Windows Azure url abc.cloudapp.net. We are considering giving each tenant their own subdomain that will identify them on our application (tenant1.abc.com, tenant2.abc.com, tenant3.abc.com, etc) and then creating a CNAME record for each subdomain to map to abc.cloudapp.net. I have a few questions with this design.

  1. Will a single wildcard SSL certificate for *.abc.com allow all the tenants to access the site over a secure connection?
  2. Do we purchase the SSL certificate for *.abc.com or for abc.cloudapp.net?
  3. Will the url that our ASP.NET MVC application sees be the tenant1.abc.com url or the abc.cloudapp.net url?

Thanks

2
asp.net-mvcsslazuremulti-tenant

2 Answers

8
votes
  1. Yes, one wildcard certificate should be all you need
  2. You want it for *.abc.com
  3. I'm less sure about this one, but I'm pretty sure it's tenant1.abc.com
0
votes

knightpfhor's answer is perfect, but just in case you need to have a custom domain (using CNAME as well) for some of your premium tenants, now you can have "SSL hostheaders" with a new IIS 8 (Windows Server 2012) supported feature called SNI .

I'm a Microsoft Technical Evangelist and I have posted a detailed explanation and a sample "plug & play" source-code that address your current (sub-domain wildcard certificate) and possibly future needs (custom domain certificates) at: http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud-services/