The biggest decision you have to make is where to maintain the SSL certificates and how, e.g. are the certificates signed by a trusted root authority or by a certificate trusted only within your company. Since you mention that your landscape is complex, I would look into setting up/enabling PKI for your landscape. You might also be interested in SSO solutions since they make the transition easier; most of them have options for automatic SSL certificate provisioning.