Hopefully this has been answered before - I had a quick look but couldn't find anything.
We have multiple customers (accounts).
One of the services we offer is automatic generation of gateway names using DNS.
For example, if you deploy an MQTT gateway we automatically assign mqtt-gatewayxxxx.our-domain.com.
We are now looking at how to automatically secure these as well.
In an ideal world we would be able to have a *.our-domain.com certificate per customer (so the private key is the same for one customer but not across all customers).
Is this an ideal design? Are there other ways we could do this?
A second design is that we manage just one certificate and share it with all customers but don't let them know the private key (i.e. inject it when the gateway is spun up).
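As an added example (not part of the original post), the following checks which gateway hostnames a given certificate is valid for, so the two designs can be compared on how well they isolate customers from each other; the gateway inventory and the per-customer namespace `*.customer-a.our-domain.com` are constructed assumptions, not something the post describes.

```python
"""Added example: which gateway names does a wildcard certificate cover?

The hostnames follow the mqtt-gatewayxxxx.our-domain.com scheme from the post.
The per-customer namespace '<customer>.our-domain.com' is an assumption used
here only to contrast with a flat *.our-domain.com wildcard.
"""
from typing import Iterable


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' covers exactly one leftmost label, never more."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label and needs at least two more labels
        # (so '*.com' is rejected); the remaining labels must match exactly.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covered_gateways(cert_names: Iterable[str], gateways: dict) -> set:
    """Gateway hostnames a certificate with these SAN entries would be valid for."""
    return {g for g in gateways if any(hostname_matches(n, g) for n in cert_names)}


# Constructed inventory: gateway hostname -> owning customer.
GATEWAYS = {
    "mqtt-gateway0001.our-domain.com": "customer-a",
    "mqtt-gateway0002.our-domain.com": "customer-b",
    "mqtt-gateway0003.customer-a.our-domain.com": "customer-a",
    "mqtt-gateway0004.customer-b.our-domain.com": "customer-b",
}


def cross_customer_exposure(cert_names, owner: str, gateways=GATEWAYS) -> set:
    """Other customers' gateways that a certificate issued to `owner` is also valid for.

    A non-empty result means a compromise of that customer's key lets its holder
    present a valid certificate for someone else's gateway.
    """
    return {g for g in covered_gateways(cert_names, gateways) if gateways[g] != owner}


if __name__ == "__main__":
    # Design 1 as written: a separate key per customer, but every SAN is *.our-domain.com,
    # so customer-a's certificate is still valid for customer-b's gateway.
    print(cross_customer_exposure(["*.our-domain.com"], "customer-a"))
    # Assumed per-customer namespace: the wildcard only reaches that customer's own names.
    print(cross_customer_exposure(["*.customer-a.our-domain.com"], "customer-a"))
```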