I have written an ASP.NET MVC application that allows the user to specify their own custom domain. I have IIS configured to send all requests to the default website so I do not need to use host headers. Everything works perfectly. The only problem is SSL.

I know this question has been asked multiple times in many forums but the answers generally conflict or speak in absolutes like (this cannot be done). That’s not really an option for me. What I’m looking for here are some options; I’m open to unconventional :).

I have seen some constructive responses that suggest using ISA server as an SSL proxy. Does anyone know more about this? Or has anyone configured this and had success?

Basically I want to provide the my users a way to request a CSR from the application, go purchase and download an SSL certficate, come back to my application and upload the certificate issued by an authorized certification company.

I’d like to do this without having to provide separate IP addresses to clients that want to use a custom domain and ssl on their site. This is simply because my application is hosted on the Amazon cloud and they’re not keen on giving me a big block of IP addresses.

My application can be hosted on IIS6 or IIS7 if that makes a difference.

SOLUTION:
Thanks for all your help on this guys. I certainly didn’t understand this problem as well as I do now. I think my solution for now will be to generate a wildcard certificate and force my clients to use clientname.someshareddomain.com if they want a secured connection. For clients that simply aren’t OK with that, I will probably provision another elastic IP address via api call to amazon web services, create a new website in IIS and point it at my application’s root folder, and then programatically generate a CSR from that new site.
I’m just going to have to work out some kind of deal with Amazon to give me a decent block of IP addresses.