top | item 41134593

(no title)

devrand | 1 year ago

That's one option. Alternatively, they could just delegate the _acme-challenge with a CNAME.

If clientportal.somebank.com is actually run by somesaas.com, they can define CNAME _acme-challenge.clientportal.somebank.com --> [some_key].domainvalidations.somesaas.com

When the SaaS vendor needs to request a new cert, they set the appropriate TXT record on [some_key].domainvalidations.somesaas.com.

discuss

No comments yet.