On Thu, Mar 27, 2003, Shachar Shemesh wrote about "Re: SLL gateway": > Out of curiosity - don't you get certificate authentication error when > connecting to the sites, that the name on the certificate doesn't match > the name of the site?
Typically, an SSL accelerator (or a cluster of such devices) is used in front of a web-server farm; The SSL accelerator's IP address is the published address of your site, the DNS refers to that IP address, and the site's certificate is installed inside the SSL accelerator (supposedly in a secure manner, perhaps even using a FIPS-compliant SSL card which holds the site's keys in a way they cannot be stolen by software). Various configuration techniques (the simplest of which is bridge mode) allow you to stick an SSL accelerator in front of a running http server farm without even needing to change IP addresses of anything or modify any DNS settings. -- Nadav Har'El | Thursday, Mar 27 2003, 23 Adar II 5763 [EMAIL PROTECTED] |----------------------------------------- Phone: +972-53-245868, ICQ 13349191 |How do you tell when a pineapple is ready http://nadav.harel.org.il |to eat? It picks up its knife and fork ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
