We have a project where we want customers to be able to enter our site by way of a custom subdomain. This is not an issue on our main domain, example.com, as we can use the traditional wildcard method: customer.example.com.
Where this gets tricky, is with our development subdomains. So, for example, we may have dev.example.com. This would require the use of...
customer.dev.example.com
...where 'customer' is an arbitrary value, not contained in DNS. This would be handled by the web server and tied to a customer value.
Is this possible?
There are a couple of options that can satisfy this need. A number of vendors offer something called a Cloud Certificate. This is an all-encompassing certificate that lists a number of SANs under one roof. The downsides are that they are both expensive, and any changes require a separate purchase and installation.
The better solution is to purchase a series of wildcard certificates for each subdomain you wish to use. For example, for the domain example.com, you would have the wildcard certificate *.example.com, but you could also purchase subdomain wildcards, such as *.a.example.com, *.b.wildcard.com, etc. These are separate certificates that can all be generated using the same CSR and use the same private key. Even better, they are distinct from one another, can be purchased separately, and you add any further subdomain you need by simply buying its corresponding wildcard certificate.