Apache - Virtual Hosting Mass Client Configurable SSL, Reverse Proxy

ssl apache-2.4

Solution 1:

I would put Hitch TLS proxy in front of apache - https://hitch-tls.org/.

From the feature list:

  • Safe for large installations: performant up to 15 000 listening sockets and 500 000 certificates.
  • Support for seamless run-time configuration reloads of certificates and listen endpoints.

Unless it is very important for your users to create CSR's and choose CA's themselves, consider enabling hitch with Let's Encrypt and Acmetool. With a little scripting for adding and removing domains respectively, you'll get free certificates for all domains with automatic issuing and automatic renewal. Set and forget = Win:Win.

See: https://info.varnish-software.com/blog/five-steps-to-secure-varnish-with-hitch-and-lets-encrypt

Related

opendkim fail | bad RSA signature | verification failed unprotected key
Reflection inside spherical mirror
Proving that $\int_0^\infty\sin(x)dx=1$
Intuition behind Sobolev Inequality
What exactly is a countable union?
a simple proof that $\pi$ is irrational by Ivan Niven
Does there exist a nontrivial rational function which satisfies $f(f(f(f(x))))=x$?
For compass and straightedge problems, are you allowed to use the compass as a ruler?
100 blank cards, minimize the EV
Prime pattern found in the integral $\int_0^\pi \exp\left(\frac{\cos t}{8}\right)\cos\left(\frac{\sin t}{8}\right) \cos(nt )dt$
Elementary number theory in sets
On the integral $\int_0^\pi\sin(x\sin(x\sin(x\cdots)))\,dx$