from DigitalGov
This is post 4 in the 5-part series, The Right Tools for the Job: Re-Hosting DigitalGov Search to a Dynamic Infrastructure Environment. This post references the previous posts frequently, so please read those before reading this one if you haven't done so already. In addition to the DNS challenges created by offering "masked" domains such as nasasearch.nasa.gov, we also had to solve the problem of how to maintain SSL certificates for the main search.usa.gov domain along with the "masked" domains of all customers that wanted HTTPS support for their own domains. As also noted in an earlier post, this all needed to be done in a multi-app-server environment with no interruption of service. peterscode/iStock/Thinkstock SAN SSL Certificates and Let's Encrypt We knew we wanted to make use of a multi-domain Subject Alternative Name (SAN) SSL certificate, but the prospect of wrangling all the permissions and documentation required for authorizing such a certificate seemed quite daunting. The