I have a scenario where the company I work for is hosting applications for companies on subdomains that point to our servers. Since our application processes credit cards we need to use HTTPS. For instance we may have gadgets.com and widgets.com which are two separate organizations, they will create an A record pointing to our server and setup a client subdomain (i.e. client.gadgets.com and client.widgets.com).
Given this scenario is it possible to purchase a single certificate to use on all of our client application subdomains or will the client need to purchase their own certificate and if so what kind?
You can purhase certificate which has multiple Subject Alternate Names listed, that is, the domain can be valid for
However, every time you get a new client, you have to purchase a new certificate that has this additional SAN in it.