I would like to implement dynamic subdomains for a site that has to be secure (SSL).
I can set up a call to a DNS API to add the A name for the subdomain, but was wondering if anyone can recommend an approach for adding the SSL information (based on a wildcard SSL certificate)?
All the subdomains would be for the same main domain.
eg.
The webserver is Apache serving PHP.
The main problem is that before the underlying HTTP request is sent, the browser first has to take the SSL hurdle. In this phase the hostname is checked against the certificate that is used for the encryption. So before the webserver is told about the name of the requested site, the browser of the user is already seeing complaints about the hostname being different in the certificate.
The successor of SSL is called TLS and that does have a feature to allow what you want: Server Name Indication (SNI).
Read here for more information on TLS and SNI on these Wikipedia pages:
Here is a pretty good demo site:
You cannot have more than one domain name per IP on HTTPS. The 'Host' header is not sent, so the server doesn't know the domain name it's serving HTTPS content for - just the IP address.
edit: A wildcard certificate will allow serving of the same content from the same IP to multiple subdomains, but my reading of your question is that you'd like different content served for the different subdomains.
You can have a wildcard certificate issued for CN=*.domain.com
You can set up a wildcard DNS entry (or multiple single entries) so that *.domain.com goes to the single IP address, then get a wildcard SSL certificate for *.domain.com.
Then on the server, all 3 URLs would reach the same website, where you would need to handle in a server-side script which site to show based on the hostname used.
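The server-side dispatch described in the answer above, as an added PHP example that is not part of any of the original posts. It assumes the page's placeholder domain `domain.com`; `resolve_site()`, `BASE_DOMAIN` and the `$sites` map are hypothetical names. Because a `*.domain.com` certificate covers exactly one label to the left of the base domain (not `a.b.domain.com`, and not the bare `domain.com`), the script accepts only that shape and only subdomains it actually serves, rather than trusting whatever the client sends as the Host header.

```php
<?php
// Added example. BASE_DOMAIN, resolve_site() and $sites are hypothetical names.
const BASE_DOMAIN = 'domain.com'; // placeholder domain used on this page

/**
 * Map a Host header value to a site key, or return null when the host is not
 * a single-label subdomain of BASE_DOMAIN that this server actually serves.
 */
function resolve_site(string $hostHeader, array $sites): ?string
{
    // Normalise: lower-case, drop an optional :port and a trailing dot.
    $host = strtolower(trim($hostHeader));
    $host = preg_replace('/:\d+$/', '', $host);
    $host = rtrim($host, '.');

    // Must end in ".domain.com"; the bare base domain is not covered
    // by a *.domain.com certificate, so it is rejected here as well.
    $suffix = '.' . BASE_DOMAIN;
    if (substr($host, -strlen($suffix)) !== $suffix) {
        return null;
    }
    $label = substr($host, 0, -strlen($suffix));

    // The wildcard matches exactly one DNS label: no dots, only letters,
    // digits and inner hyphens, at most 63 characters.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/', $label)) {
        return null;
    }

    // Allowlist lookup: unknown subdomains are refused, never guessed.
    return $sites[$label] ?? null;
}

// Constructed sample data: subdomain label => site identifier.
$sites = ['alice' => 'site-alice', 'bob' => 'site-bob'];

// Constructed sample Host header values; in a real request the input
// would be $_SERVER['HTTP_HOST'].
$samples = ['alice.domain.com', 'BOB.domain.com:443', 'domain.com',
            'a.b.domain.com', 'alice.domain.com.evil.example', 'carol.domain.com'];

foreach ($samples as $h) {
    $site = resolve_site($h, $sites);
    echo str_pad($h, 32), ' => ', $site ?? 'rejected (respond 404)', PHP_EOL;
}
```

Only the first two sample hosts resolve to a site; the other four are rejected.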
Check out Subject Alternative Name support from your Certificate Provider.
Some offer it, others don't (Verisign does but you have to go through their PKI Sales channel!).
Digicert does:
http://www.digicert.com/subject-alternative-name.htm
Cheers